091de39fcbd3a5b3c005494cc07eea86_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

091de39fcbd3a5b3c005494cc07eea86_JaffaCakes118
Size

7KB
MD5

091de39fcbd3a5b3c005494cc07eea86
SHA1

b249f34cda87fd58b4608bcafb6a1b27e2f76c45
SHA256

3359f705e682dbeeb02ce98269d8d7a9a23e764e6db99a261217037f4001dee8
SHA512

20db358468aa196f9f73342936fd1b2b4f387616aeed2108fc3861203d84e320e4f20cef705b6bb5aaaa2edaf7d18045bb5e1bfe128a848ea7278d40238c2791
SSDEEP

192:oIcR3/K62JoE8HR3/t+K+yUoQaQoqMuB:baK9oE8Zt+NyUoQaQos

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
091de39fcbd3a5b3c005494cc07eea86_JaffaCakes118

Files

091de39fcbd3a5b3c005494cc07eea86_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4c3196578f29f925563c12042017cbe5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
lstrlenA
CloseHandle
Sleep
TerminateProcess
ResumeThread
SetThreadContext
VirtualProtectEx
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
CreateProcessA
ExitProcess
GetProcAddress
LoadLibraryA
GetModuleHandleA
WriteFile
CreateFileA
lstrcatA
GetWindowsDirectoryA

ntdll

ZwUnmapViewOfSection

Sections

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ