5fef11bb552168e75404111d1410262b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5fef11bb552168e75404111d1410262b_JaffaCakes118
Size

21KB
MD5

5fef11bb552168e75404111d1410262b
SHA1

16075d03ef8b2eea0510cdc3e4371d1f8ec32606
SHA256

55ad5a56715279bddc129769c1781cd593bf23be7353e0180763f155b0d9fe57
SHA512

4dbdd1317bb6d75d6be0daf635b6226b5b1e47310c1c7e526051455e01272fa069ae517723ac1240b35d6d2bb69fa55da701ecb84271d6d03fc19894c41ab7ef
SSDEEP

384:lBqYAJzHB0qhLPCBnCGfABVGsfNxu+1wSVDrPn1AHEEjLaK:lBaZCBCSIf7pb1AHuK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fef11bb552168e75404111d1410262b_JaffaCakes118

Files

5fef11bb552168e75404111d1410262b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

17e56da1b33bd9b243c8d8017e1fea48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
GetEnvironmentVariableA
GetThreadContext
ReadProcessMemory
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory
lstrcatA
lstrcpyA

Exports

Exports

DllMain
WLEventStartShell

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ