db6c2589671b332c4400699674880d3f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

db6c2589671b332c4400699674880d3f_JaffaCakes118
Size

2.5MB
MD5

db6c2589671b332c4400699674880d3f
SHA1

399ecd49f1954ae6c539bee2f87bc5f05e3bd291
SHA256

58234464b67045ea93af25e09b131c184c40832442de5672a73bac75dfee9149
SHA512

4d3d2212ee873123c43a9db6b032c36a156d52c90dda964a888a6e9e8e1ce06c73cec315b843867423aeb60b17419979869976debb5ddce66eba4d278a563a90
SSDEEP

49152:h6iFJ4jFsfni/av9riuSP2nS22lv4BYm9k47JBxv7s1gqDOiJCsY:h6iT9fnTjSeVqv4RL7nxv76/cz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db6c2589671b332c4400699674880d3f_JaffaCakes118

Files

db6c2589671b332c4400699674880d3f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

baa93d47220682c04d92f7797d9224ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

DXKHook
EXKHook
HexToString
MapGlobalData
Search

Sections

Size: 700KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fhmbarib
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ytpzeqtd
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE