5d5ba95483faf690303838e5c34b902b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d5ba95483faf690303838e5c34b902b_JaffaCakes118
Size

100KB
MD5

5d5ba95483faf690303838e5c34b902b
SHA1

af2c3b363e36daaed9f12ffbb67eeab40f71bb7c
SHA256

ce48c0965cb1edc85073a24ed4e9c8edc43c8885f4a63ac4c71e93525546d1f0
SHA512

0bb0e3ae71269ff7c26b7af3266a44bb68a88208e648f46717304ee64684d98a84ab60adc8560e19f3c1c2b8a08b5f833de411ea1f6a366d8780021bc75ab178
SSDEEP

1536:QDqHrG5ljX0btwWhNvnXg21TwC48r2zAaDCopoCB5GGxWba3nP/vJK:igqljX0bt/g29NBCuopokBWW3P/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d5ba95483faf690303838e5c34b902b_JaffaCakes118

Files

5d5ba95483faf690303838e5c34b902b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

83aafe1aa3f0af9d7e1f96269893b7c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReplaceFileA
SetLastConsoleEventActive
ResetWriteWatch
ClearCommBreak
SetTimeZoneInformation
BackupWrite
SetProcessShutdownParameters
LocalFree
Toolhelp32ReadProcessMemory
GetProcessAffinityMask
GlobalHandle
SetFilePointerEx
CloseHandle
GetCommandLineA
ExitProcess
GetStartupInfoA

Sections

data
Size: 8KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ