39856c8c58c998870a59ac18334965b8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39856c8c58c998870a59ac18334965b8_JaffaCakes118
Size

81KB
MD5

39856c8c58c998870a59ac18334965b8
SHA1

6c4eb1086c59eaacaec3d8a3a8dab66ef90aee9d
SHA256

01672e71f1324043b8845735db043211929bc1688e09e4016bd366b0155f0537
SHA512

e7fbd1e2d9bf4f52006fc3c39c58e4b82707bfe96f5c4f0feb654b1f13f1ab88c88ba2bbe24353c8c7dd9b121a3fd44a455bf761a7b36038af626af2be334da9
SSDEEP

1536:3JCP4vNpJc7zz+7mkDrFFvV9dyxypYpIBs4idZq8R+hwscgPDs/ySNHcN:3JCgvNbEEmWLAxN7BdZq8gw0LkyV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39856c8c58c998870a59ac18334965b8_JaffaCakes118

Files

39856c8c58c998870a59ac18334965b8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

42fb9692a824e417416408cd022b278d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindAtomA
GetModuleHandleA
GetProcAddress

user32

GetDesktopWindow

advapi32

RegQueryValueA

Exports

Exports

gwahfps
thfdkm

Sections

.text
Size: 1024B - Virtual size: 797B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ