66532270b015f0a17677d779c459c8a2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

66532270b015f0a17677d779c459c8a2_JaffaCakes118
Size

19KB
MD5

66532270b015f0a17677d779c459c8a2
SHA1

24c91a75e9b00dcb3e75118855aec6a12aa1d733
SHA256

41b24f8f57e913198221b8cf8c2a036839c824999205ec41db5026d86c73e11b
SHA512

c1a4397848c8377cc7980f4fe7a20c4c7196e234a12327d0079fee0446e29dfe07536084129eb80bccc33689e214031ecf8b691931d12743b3831862c2c01504
SSDEEP

384:Ynh/RTb585LHbF/u2PlhCItMyspInf8D8SM7:YVcRGqloItYq7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66532270b015f0a17677d779c459c8a2_JaffaCakes118

Files

66532270b015f0a17677d779c459c8a2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

92b3338b6d16c00b834452d2b2165761

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CreateThread
DisableThreadLibraryCalls
ExitProcess
FindAtomA
GetAtomNameA
GetModuleFileNameA
GetModuleHandleA
Sleep
VirtualProtect

msvcrt

__dllonexit
_errno
_iob
abort
fflush
fprintf
free
malloc
memmove
strstr
system

user32

GetAsyncKeyState
MessageBeep
MessageBoxA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 288B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ