861f1ea6a6eefb1753114092c783de45_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

861f1ea6a6eefb1753114092c783de45_JaffaCakes118
Size

22KB
MD5

861f1ea6a6eefb1753114092c783de45
SHA1

393c09d40a57cb668cfbfee3bfbd60d3aeeec8a8
SHA256

f110e01cd457f581ce88830001cec90c89d62d43c1193c1480acdb8433906725
SHA512

e6bfa82c67cfeb4182a4e0a93a4ecd2be046580bdf67c74f25ceafc900a14812bfe1e4ba8a6f304320af4549a3a4af99bddfa2b959fc560d7393d0ec4c4f1634
SSDEEP

384:4bMKELQKyaXIF+x1RrlU2tNB8jwHKYNJ/goT6yI5pWVyr55sEZ:W41yaXD3b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
861f1ea6a6eefb1753114092c783de45_JaffaCakes118

Files

861f1ea6a6eefb1753114092c783de45_JaffaCakes118
.dll windows:5 windows x86 arch:x86

46bbfa29ebab19e4488a5328f08f61f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwAcceptConnectPort
ZwCompleteConnectPort
ZwReplyWaitReceivePort
RtlCreateUserThread
ZwCreatePort
ZwUnmapViewOfSection
RtlInitUnicodeString
swprintf
ZwClose
memcpy
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwOpenFile
RtlImageNtHeader
RtlAddressInSectionTable
ZwQueueApcThread
RtlImageDirectoryEntryToData

�a

LocalFree
��
FreeLibraryAndExithY
LocalAlloc

�e��'��ȁ�u �e��e

<�
��_^[��
�9}��E�}
P3�h�
�
��U��@�ES�X3

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 182B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ