5f863b8d3d6306693eeb82402b5e3d7a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f863b8d3d6306693eeb82402b5e3d7a_JaffaCakes118
Size

25KB
MD5

5f863b8d3d6306693eeb82402b5e3d7a
SHA1

1b3320fcf11784f5ee710a015d9245b59ff650e1
SHA256

a6550dca016fdf04bce21e6f37230ebf0b5e603e1f0ac2a700711232914e467a
SHA512

8ebb1c9f721e49cb282ce7c5e00699a4e7448e89da94cf329ad27499fa8e777ecb5df2564502df520cd5c144dff92b1957c70adf3e3f3e4574895d9ef379a52c
SSDEEP

192:MwuHz5FJXE9y6jLlPYOfkSrI+M6LBrk0PTYuqCObbz:4Hp09y6jLlP33rI+p1bbQCQb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f863b8d3d6306693eeb82402b5e3d7a_JaffaCakes118

Files

5f863b8d3d6306693eeb82402b5e3d7a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

db67dc0f96fa13787f854d31ee27f510

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

keybd_event
MessageBoxA
MessageBeep
GetWindowThreadProcessId
GetKeyboardState
GetClientRect
GetClassNameA
EnumWindows

kernel32

GetModuleFileNameA
lstrlenA
lstrcmpiA
lstrcmpA
WriteProcessMemory
VirtualProtect
VirtualAllocEx
Sleep
OpenProcess
LoadLibraryA
CloseHandle
CreateRemoteThread
CreateThread
GetModuleHandleA
GetProcAddress
GetTickCount

Exports

Exports

_SetRight
_start

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 520B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 983B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ