16001725169ca21396b2b16ababbf08a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16001725169ca21396b2b16ababbf08a_JaffaCakes118
Size

188KB
MD5

16001725169ca21396b2b16ababbf08a
SHA1

0cf98dae59054dbe17ce52d0a9dca136367c9881
SHA256

d20a579372296b75b32ccf99834bead302951598eb209df5e4e073924cffb875
SHA512

c6e3223d0db321acc07ce9d01df57d06e23d9142e8dad4be02dcc1c247403244d908aad70ef67aa57cb0b5a747fe6f677dd232801593067278793bbb6fcc6013
SSDEEP

3072:4FVd8No9EzfVakCpIUZV+NInROITg2b+lXbqWokZc:4HdEaEzfHOjRO2b+JqWO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16001725169ca21396b2b16ababbf08a_JaffaCakes118

Files

16001725169ca21396b2b16ababbf08a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

47b95eaa8a92898962a601a6fb44ee48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
free
malloc
_initterm

kernel32

DisableThreadLibraryCalls

Exports

Exports

RtvEBlockQuery
RtvEDestroy
RtvEncodeBlock
RtvEncodeCreate

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 374B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 234B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE