65a5902a31bdad7c6e1407d3f764aec4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65a5902a31bdad7c6e1407d3f764aec4_JaffaCakes118
Size

5KB
MD5

65a5902a31bdad7c6e1407d3f764aec4
SHA1

5230b0fcc45b86e7591ca25f9b024209b2142379
SHA256

16c94a4f66941b669049adc550ef85bfddf5a6fe15d35a6bc4222abbfa8fc273
SHA512

ec2afeb079a7289593f0c60282ef7ace6508742d6d4bf9bf1cd9e9658bc9e71c0b5c85b78ce16b86d761a4db5795db9b359f5387eb76fc07a73c029acfba6f10
SSDEEP

24:etGS2L6i61dyMS4cuEOQ8YOwr+tSgJWJzBhD3zPrso5CY0QMIkAZC4eU7RGlzQB9:62LcdyJ408Vw0ApyAezQBinXbqadx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65a5902a31bdad7c6e1407d3f764aec4_JaffaCakes118

Files

65a5902a31bdad7c6e1407d3f764aec4_JaffaCakes118
.dll windows:1 windows x86 arch:x86

16c0baa68d47f2865c18848020fc7ddf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetEnvironmentStringsA
RtlUnwind
CreateProcessA
WinExec

advapi32

RegCreateKeyExA
RegEnumValueA

crtdll

_fdopen
_open_osfhandle
exit
fclose
_cexit
malloc
memset
printf
raise
setbuf
strcpy

Exports

Exports

DongMain
LoadCurrentPwrScheme

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 136B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 696B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 140B - Virtual size: 140B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 104B - Virtual size: 104B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ