136fc0ced8c03f0e014ea2c185adda3d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

136fc0ced8c03f0e014ea2c185adda3d_JaffaCakes118
Size

32KB
MD5

136fc0ced8c03f0e014ea2c185adda3d
SHA1

e947bf71233c63c79ff3a8635fa48c8ce777f2e8
SHA256

e37e14534ffc77eab5d7635496240a99628dc34a956fcbc9bf1ea99a3486d630
SHA512

c6ca1f9405fb689feada34113f3ffec0cf181eb37529af69c1cbd16353f07ce809deb939bba781f421c10a6af0b2bd3d547afc55fa328ccd64e09860e3479b85
SSDEEP

384:wAa2iOZ0AK67O+EGx3Np7ojBEmxqO+nr:wKxZ0zvQ3Np7cPxqOG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
136fc0ced8c03f0e014ea2c185adda3d_JaffaCakes118

Files

136fc0ced8c03f0e014ea2c185adda3d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

Activate
DllCanUnloadNow
DllGetClassObject
HookProc
Logoff
Logon
Start

Sections

.text
Size: 16KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE