0f9898cd8538c6b7b203054db11e3690_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f9898cd8538c6b7b203054db11e3690_JaffaCakes118
Size

223KB
MD5

0f9898cd8538c6b7b203054db11e3690
SHA1

6193d4bfa58a4e6a4f9f8aa46b03a3fba66a5774
SHA256

16253796270aa53c5b8ac4b8896340d4b7802aaabc5a32a4fb380c721db032bb
SHA512

8412a7395c2cbb03b1c430e6d5cfcb07162f2abceaea3b9085b00274df7708a7ae3a9e8f7b516b620e0888c5943b600e7abf890b4962244c696c523f1137211b
SSDEEP

3072:A6r66cV2uvFE8Qmj4hQy/5nnPbX0jy/E/91L8P0qrhQ0Adcqc:A6rHc+8T0n70SP0qWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f9898cd8538c6b7b203054db11e3690_JaffaCakes118

Files

0f9898cd8538c6b7b203054db11e3690_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3888ae2f881719fdf1a6be68dc3ee704

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Correspond\Of\Or\May\Versions\From.pdb

Imports

kernel32

GetConsoleTitleW
VirtualLock
OutputDebugStringW

shlwapi

PathFindFileNameA

Exports

Exports

LaterIncorporateVersionProcess
OfWwwMechanismThe
StandaloneANewerUpdate
TheFor
ToTechnologies

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ