19d126e528c422aec7280cca54bd14c2_JaffaCakes118 | Triage

Sharing

General

Target

19d126e528c422aec7280cca54bd14c2_JaffaCakes118
Size

104KB
MD5

19d126e528c422aec7280cca54bd14c2
SHA1

1ce611d34fdd94723739294e65629cbafbf0a819
SHA256

292a49e16b1499130d69a513421f607cf1dbf13a442dc68cf8578689447eca8f
SHA512

a7c1a43165318dc1b347269ee0792cf7494cee788316de332af672b192fd8d263ae44f6378f9be22b6322cef0778a70cd002e9ad42582ef83bdabfd247136572
SSDEEP

3072:Yx73qAAdzsMEYQ5sdTtz1Eu93H3bOtCLu:qqAAdzOvEEwH3beCS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

19d126e528c422aec7280cca54bd14c2_JaffaCakes118

Files

19d126e528c422aec7280cca54bd14c2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

47b95eaa8a92898962a601a6fb44ee48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
free
malloc
_initterm

kernel32

DisableThreadLibraryCalls

Exports

Exports

JGS6EncodeBlock
JGS6EncodeBlockQuery
JGS6EncodeCreate
JGS6EncodeDestroy

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE