fd3e06e4cc4f327451b8917b2c3295d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd3e06e4cc4f327451b8917b2c3295d7_JaffaCakes118
Size

56KB
MD5

fd3e06e4cc4f327451b8917b2c3295d7
SHA1

b1f8f0aa29039bd3c3edc371c3186c394bc5d852
SHA256

7a121b3bbdc3e6014258a50ea19fae53027b7602dfe6e95393bf933164a2db2d
SHA512

b4f2d7f124f3f45880316c016a9c51cb6ca699b2b4d1327597fedd9cb8b8cdfc190fef688aa7102d9f22a59aa1692e7a60250483102eebfed1339068f3c44b5f
SSDEEP

1536:3qeB8zB8ccE7BHN8sNdSE0ajhg+L1vJ/Qyp6Yoj:3qeYeZE7FiwdRD1J/Qyg9j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd3e06e4cc4f327451b8917b2c3295d7_JaffaCakes118

Files

fd3e06e4cc4f327451b8917b2c3295d7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

99f5b0b723d6fca2813f516623081e1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
VirtualAlloc
ExitProcess
GetProcAddress
LoadLibraryExA
GetModuleHandleA
VirtualProtect
GetModuleFileNameA
FreeLibrary
GetLastError
CreateMutexA
LoadLibraryA

user32

wsprintfA
MessageBoxA

Exports

Exports

ResetSSDT
ServiceMain

Sections

.data
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_cod
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ex_rl
Size: 364B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ