647d3e5968e587fe57e1c8bb429e1893_JaffaCakes118 | Triage

Sharing

General

Target

647d3e5968e587fe57e1c8bb429e1893_JaffaCakes118
Size

50KB
MD5

647d3e5968e587fe57e1c8bb429e1893
SHA1

18a510b781a1921ee1e3eae464af753560435dd1
SHA256

c74c73620ecf20e3053aac454748a56424151a58810a3c89eec3393b0288d4e0
SHA512

86f24d0def274fb46c591e75582fc7f88d785c5d6436360ca2b5334457aa85f59f468e4a0daedc04f950b29ca45874379253978ff4269ff478bf83e27bed9cdd
SSDEEP

1536:+zQ55nvjrP/cukXDcubtQzqm0I5lKIrP8xF:+M55n/kuCgYdm0VIrP8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
647d3e5968e587fe57e1c8bb429e1893_JaffaCakes118

Files

647d3e5968e587fe57e1c8bb429e1893_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f2207f451b765839c29fbb466e1e6dd4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntoskrnl.exe

_stricmp
ZwClose
strcpy

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE