ef5840d0850f0c32ab73cdbd472f2d39_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef5840d0850f0c32ab73cdbd472f2d39_JaffaCakes118
Size

298KB
MD5

ef5840d0850f0c32ab73cdbd472f2d39
SHA1

a68d567b45e54ddc04db2b27e4470854cac61ee7
SHA256

3766dd81456af2c7b77023e01341f77d33cc600f7e9bca573deefc505e1a4580
SHA512

55f82bff0eac34d27e158fc830f9b0377d5d76c7de503bd170bff3ed9ae5931bb7d8e1fd2c88080afb72760f6eaf2f36158cb39e5991a9be42ed642935dcaa23
SSDEEP

6144:X6KlfWAlInplcMQhd4nDWgRAkP4O6VGQn8xID0DMFuHsMimsGtfFNmpuCqsVIwoF:zqZQhwR3P4rGLxe0DVMSr9QcCqsE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef5840d0850f0c32ab73cdbd472f2d39_JaffaCakes118

Files

ef5840d0850f0c32ab73cdbd472f2d39_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceMain
UninstallServer

Sections

.textbss
Size: - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 290KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 872B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 99B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ