39389b86a6205ba3c91787fe85ba13c0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39389b86a6205ba3c91787fe85ba13c0_JaffaCakes118
Size

96KB
MD5

39389b86a6205ba3c91787fe85ba13c0
SHA1

c6b591903fa4791e5dcf2f803803ce63e56ea404
SHA256

bcdceb47f8acf56916297f6263f0e04ff319872e3a0c542c55c58a69e6331047
SHA512

2df77ab6d1d1e730d25ff8d2b40c0cc8680c1ed295c14ef984287e83466ce8abe20ae6829dbe4a17c2ca48f21b2663da563ebdc3f25b29eadf9d48e345492b5f
SSDEEP

1536:k3/mQ36qoufOcnszJM+lT4oSEfr03oVmB:s/d/otWszm2UoPVm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39389b86a6205ba3c91787fe85ba13c0_JaffaCakes118

Files

39389b86a6205ba3c91787fe85ba13c0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ServiceMain
Qy001Service
Qy001DoMainWsSk

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

system
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

NewSec
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

whm
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE