6a1d5951317c716d1e02381a1276ef92_JaffaCakes118 | Triage

Sharing

General

Target

6a1d5951317c716d1e02381a1276ef92_JaffaCakes118
Size

10KB
MD5

6a1d5951317c716d1e02381a1276ef92
SHA1

46d87fd90af39b8c5e9f94080ff2865e38ebfb6c
SHA256

2e3146a661820d95c2b75f05e3e36e18151416cb5fbb31eb53130c74a2259534
SHA512

dd869ee30c8a9920746f209710024ba6d3e844cdc6e3691759fed4a3a1c5649bb145cf90746d8dd85b2f2436c153ceff95126ebdb487346523818ed584ddee7c
SSDEEP

192:a7PNOXl3Pn2/tg6zbLqPAZrwnR7WMo/bwW:A2l/21Rzf7cnR7WMo/bwW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a1d5951317c716d1e02381a1276ef92_JaffaCakes118

Files

6a1d5951317c716d1e02381a1276ef92_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a78e8d42a499490f8303bbe82d1bb4a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
Sleep
CreateThread
lstrcmpiA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
VirtualAlloc

msvcrt40

strrchr
strcat
strlen
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

DriverProc
widMessage
wodMessage

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ