103db41637f5118be6a8b574e741c756_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

103db41637f5118be6a8b574e741c756_JaffaCakes118
Size

64KB
MD5

103db41637f5118be6a8b574e741c756
SHA1

e130ae4d13ec052fb98e4143b19dc2e5515d5fa5
SHA256

bbee3ff5ddfa586f9f67b0a30defb7dee53afc862247f1a0b6543b30dfcd210f
SHA512

89513532f5d9bf037e055c5cc79c6e70bf5012061de54f43a1333a9a777258e5c869a0b6358767caa67cae3463b1fa80c0524f866a12c62c34a674a8d96d5765
SSDEEP

1536:KuvC5VqEVMuRVwlxblrj+fmu7fQ2h6UZULifZ/N:tq5VqUVwHlrjeQ2B+WZ/N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
103db41637f5118be6a8b574e741c756_JaffaCakes118

Files

103db41637f5118be6a8b574e741c756_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1c372311534116eeffdf56f3f6c69c5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
ExitProcess
GetProcAddress

user32

wsprintfA
MessageBoxA

Exports

Exports

terlockend
ServiceDo
ServiceMain

Sections

fe
Size: 27KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rav
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cea
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dta
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

btsv
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

r3
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vs
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE