fa95dfedf08ca00c50bfeb0c978e5f8b_JaffaCakes118 | Triage

Sharing

General

Target

fa95dfedf08ca00c50bfeb0c978e5f8b_JaffaCakes118
Size

195KB
MD5

fa95dfedf08ca00c50bfeb0c978e5f8b
SHA1

3053d8443d94b0d97875d373f88cc80636e3126d
SHA256

5be00c340b2acd449b06d9129b0d123061360805aa90d25eb42d3e4652c8a70a
SHA512

d8ddec67a9e0d40baeccc45b4db2a2456727d8eb7077b10c420127a9e15e14a14abe4d91b4e01845ba60a7c13c169dbba5e59b36f714ef4ab71cb5e499614d08
SSDEEP

3072:kL+YuqL8GCJek+auvQ2WhMZe8aDlafm3NMVRJLtl9xsVbw/xq7ZGBBBbdVzccB:0huaVCJM4fhMZejfMVbTxcZI/zccB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa95dfedf08ca00c50bfeb0c978e5f8b_JaffaCakes118

Files

fa95dfedf08ca00c50bfeb0c978e5f8b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4d8e9e06f8e51550e3e5089179e9846d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA

Exports

Exports

SetMirHook
UnSetMirHook

Sections

Size: 88KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE