19dc7567ee06bffd06641d26445a8588_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19dc7567ee06bffd06641d26445a8588_JaffaCakes118
Size

88KB
MD5

19dc7567ee06bffd06641d26445a8588
SHA1

ed7c9c070c478d2e21568fffcec80d2dff23878c
SHA256

440b6639067b025bbcaf08cf01ed477a168d39cbad687494babee2f6aa4cb099
SHA512

967b8cc673cdf9727e0df7514db387027f5d89bc63025121ffb1a4adc0c3f2b4047b4586b56533e7d1d84a8f2a4f5d5b34cc970d6509829e135b994a6d1d1560
SSDEEP

1536:L6qTGE2xaSF7q7Yxj6dmLkQZOzobFDeKxo3taq9q:L6e47q7NIrkCjotO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19dc7567ee06bffd06641d26445a8588_JaffaCakes118

Files

19dc7567ee06bffd06641d26445a8588_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1f43762e71e218031a9f007676e93834

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWriteWatch
CreateTimerQueueTimer
LocalLock
RegisterConsoleVDM
SetTapeParameters
FlushFileBuffers
FillConsoleOutputCharacterA
FindNextVolumeMountPointA
GetSystemInfo
CancelDeviceWakeupRequest
HeapAlloc
CloseProfileUserMapping
IsDebuggerPresent
CreateHardLinkA
TlsFree
GetCommandLineA
ExitProcess
GetStartupInfoA

Sections

.rc3sec0
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rc3sec1
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rc3sec2
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rc3sec3
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ