735f2a568452d40fb3bf3b62cec9782c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

735f2a568452d40fb3bf3b62cec9782c_JaffaCakes118
Size

4KB
MD5

735f2a568452d40fb3bf3b62cec9782c
SHA1

444f3a75f9df6739c4550c287f5cfcf25488dc80
SHA256

9cd75b9dd392dcdc356c508cb7a82055eef1b32c02d34164693d1a27f8dd9f92
SHA512

84861094d90659ab041e24baa13a36ac10d78858b96f81f64541d5b17e2796400708e9172553565c86476c6afa174355b3c914e3524e458e139b3e7b64bedefa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
735f2a568452d40fb3bf3b62cec9782c_JaffaCakes118

Files

735f2a568452d40fb3bf3b62cec9782c_JaffaCakes118
.dll windows:1 windows x86 arch:x86

877140c125fc587bb5ad08247fc8d144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
ExitThread
OpenProcess
RtlZeroMemory
SetEvent
SetSystemPowerState
Sleep
VirtualAlloc
VirtualFree
lstrcatA
lstrcmpW
lstrcpyA

advapi32

AdjustTokenPrivileges
CreateProcessAsUserA
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken

user32

CharUpperW
ExitWindowsEx

ws2_32

closesocket
connect
recv
send
setsockopt
socket

shell32

ShellExecuteA

ntdll

NtQuerySystemInformation

Exports

Exports

botkomand

Sections

.flat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE