f683487a5fd62a42abf782e0ea860f00_JaffaCakes118 | Triage

Sharing

General

Target

f683487a5fd62a42abf782e0ea860f00_JaffaCakes118
Size

337KB
MD5

f683487a5fd62a42abf782e0ea860f00
SHA1

f47b0d2035c4d3b165f12a70160fe4e07e3c88f5
SHA256

e5a7f568c2991f81455910c4e5ed174c9823928ea1e930225389e56f8e09e5f6
SHA512

c033fb5bb19d6caf5e0645c80171231763ae06600991941109a45f58e142e75fd801c2cefdf777caf2101e9415c346089ff5c1eb11a94968a24ae1a322073756
SSDEEP

6144:7oR1TE4E0aeN+hjs2cwxw4kujnlSabioxHcw/zEP+I1Mx69ghzw:l0aeyY2f3nl/bRxcw/w+z69ghzw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f683487a5fd62a42abf782e0ea860f00_JaffaCakes118

Files

f683487a5fd62a42abf782e0ea860f00_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

AcsHlpAttemptConnection
AcsHlpNbConnection
AcsHlpNoteNewConnection
Dllmain
Dllrun
InitializePrintMonitor
Install
ServiceMain
WSAttemptAutodialAddr
WSAttemptAutodialName
WSNoteSuccessfulHostentLookup

Sections

CODE
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ