081b9cacd231dec4ed73e08d0445c2f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

081b9cacd231dec4ed73e08d0445c2f9_JaffaCakes118
Size

5KB
MD5

081b9cacd231dec4ed73e08d0445c2f9
SHA1

1b5381295a4b287b7ea4f432170dca50a02c5222
SHA256

32d9931211c515ed5861138090ddb569d209c86c9f38093d40ac4fc9b231a3c4
SHA512

b7759b151475b5fdd6f4193e850421395a131cb87bd8e2db45ab43a6a6658517a52192ca176dbf45c4106adc3be146cc98face99fb65e8abe527456d3dac0147
SSDEEP

96:HpWbE6Tm44W7Q32hw2qBu6drRCtHabt2IIsQ/:H8bNv97Yu6JRwU2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
081b9cacd231dec4ed73e08d0445c2f9_JaffaCakes118

Files

081b9cacd231dec4ed73e08d0445c2f9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

88e6d642c3253085680e4329b82a8e19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetAsyncKeyState

kernel32

GlobalAlloc
lstrcmpiA
Beep
CreateThread
CreateToolhelp32Snapshot
DisableThreadLibraryCalls
GetCurrentProcessId
Module32First
Module32Next
Sleep
VirtualProtect

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ