3e249e805dd5c14cbd799e6927fb787c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e249e805dd5c14cbd799e6927fb787c_JaffaCakes118
Size

25KB
MD5

3e249e805dd5c14cbd799e6927fb787c
SHA1

04a75c15404d43753379fb61186bbf4b0e9332b4
SHA256

39d128af7d8e2ebed1766aacc3f8846c45310b0a3d5b5ad0732ee07edffd96d7
SHA512

268aa64bab4ffea40f8e8779b40214cfa7100218212c6c53d54456390ac953b189a52399078493d9a7827e5e1d6f75f38210b9c5de6df29ebd5d135d9023e112
SSDEEP

768:tYy5aahq1VtAu7dj9CiWxCnYcFXA/jOq:69ahqJJgeDFXA/a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e249e805dd5c14cbd799e6927fb787c_JaffaCakes118

Files

3e249e805dd5c14cbd799e6927fb787c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5d0da584648aa3f010e48fcbadcc9991

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

comctl32

InitCommonControlsEx

kernel32

GetProcAddress
VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc

advapi32

QueryServiceConfigA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 330B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ