10af840c6fab21d128bd3358c3d8b567_JaffaCakes118 | Triage

Sharing

General

Target

10af840c6fab21d128bd3358c3d8b567_JaffaCakes118
Size

120KB
MD5

10af840c6fab21d128bd3358c3d8b567
SHA1

5d714652d10aca293787fbc250c5d4bad14f292c
SHA256

d07b6e32b5993974c5662dbfa6dae23a623cf5f824451336facba3776d1be5bb
SHA512

9db089422b24d5d72662f74a44fe71c31b4c71e14571bd820b427015f16f646c0e2e0ff954581d578d0afac97a8ab46478cab1b29c58bc781c930990e6f0fc05
SSDEEP

3072:N61Ye3TaEu2CoCcn3zO7A4D8Xzd125+kV4m13EaOlfBL:sTa12CoCckAe8jd12FmL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10af840c6fab21d128bd3358c3d8b567_JaffaCakes118

Files

10af840c6fab21d128bd3358c3d8b567_JaffaCakes118
.dll windows:4 windows x86 arch:x86

346d60e37a38da26b7d234c6530424cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_initterm
_adjust_fdiv
malloc
memmove
free

kernel32

EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
SetErrorMode
LoadLibraryA
GetProcAddress

Exports

Exports

JgedCreate
JgedDestroy
JgedDisableComponent
JgedDuplicate
JgedEnableComponent
JgedProcess
JgedSetOption
JgedStart

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE