03020a387b0fc5b34f45ce9b75a91fb9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03020a387b0fc5b34f45ce9b75a91fb9_JaffaCakes118
Size

100KB
MD5

03020a387b0fc5b34f45ce9b75a91fb9
SHA1

89296c0bf3a6d56609266c8bca4dbf166e4e8783
SHA256

062d0d75f68ef050b90a079b72d9c4bbc7e7f13b10b35c47560dae120629c1a3
SHA512

4771abc866e9ff741c690c8f0572af62ed0c6dfe65e9b009397cd2fc0ff2bac5e13f3adbee86ac834b4e50c7ff16d877306dd1e41580eabbe3758d7466ea5a0d
SSDEEP

3072:PDwbgkuIolhIMzOemirqSFsG1Eowugqu:PUbgGo3ISOemirqK2nuy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03020a387b0fc5b34f45ce9b75a91fb9_JaffaCakes118

Files

03020a387b0fc5b34f45ce9b75a91fb9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dae0b8f7197c8f447af36cb6ce715ccf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

BuildCommDCBA
GetAtomNameA
HeapFree
FillConsoleOutputAttribute
DeleteAtom
GlobalAlloc
DeleteVolumeMountPointA
GetNumberOfConsoleInputEvents
GetSystemTimeAsFileTime
GetCommandLineA
ExitProcess
GetStartupInfoA

Sections

text
Size: 8KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

idata
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ