fbe803bb81ef26ef565edab14e2eb7b7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbe803bb81ef26ef565edab14e2eb7b7_JaffaCakes118
Size

5KB
MD5

fbe803bb81ef26ef565edab14e2eb7b7
SHA1

c2fa5511b61054b78154f50a4690affbfb9c7d4b
SHA256

9f63975fdfc9bf27dae251d8015a5d4e1a0ca892eeff56cbb3a4a2f2fcaf7ebe
SHA512

fb9d313864f84b100889cf7baeae717156b739852d59db8d7e1a5b94c34f22a67e4ab05d28ef858d96112918abab00c00366862067c0f06da45691837e480652
SSDEEP

96:Z1G5aLUjCqgQrOMH2K+4OpSbERzW35hV19eT0YAiWc:Mc58H2KorQ5p9oAiWc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbe803bb81ef26ef565edab14e2eb7b7_JaffaCakes118

Files

fbe803bb81ef26ef565edab14e2eb7b7_JaffaCakes118
.dll windows:1 windows x86 arch:x86

79626349bb257a23892e8f948dbddc1f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwProtectVirtualMemory
ZwAllocateVirtualMemory
LdrGetDllHandle
LdrLoadDll
LdrGetProcedureAddress
RtlInitAnsiString
sprintf

kernel32

CloseHandle
CreateProcessA
CreateThread
DeleteFileA
GetModuleFileNameA
GetSystemDirectoryA
LoadLibraryA
MoveFileExA
VirtualAlloc
VirtualFree
_lclose
_lcreat
_lwrite
lstrcatA
lstrlenA

Sections

.flat
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE