89d27464b4b5810248a671895d0486f4_JaffaCakes118 | Triage

Sharing

General

Target

89d27464b4b5810248a671895d0486f4_JaffaCakes118
Size

15KB
MD5

89d27464b4b5810248a671895d0486f4
SHA1

c08bfcfe10863b47907cf707f123f874d220592b
SHA256

09477c46debffca714d4e516902b8a13daa9014c1bcf4563c52b6d59fa791fc5
SHA512

f88fec3f764d44970607faab6430a3a4182e6c44374fa40fea1c5a9c3c3c540ad9fe63e13d78d76c224efec674fbc7e0899f8f2928a8d81b53e425119bf4d0f4
SSDEEP

384:lzbrMj7orfjKPv+aK/H3PaSH9v8Y3v5WMo/bwW:1bAjcjgjOfldv8Y3v+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89d27464b4b5810248a671895d0486f4_JaffaCakes118

Files

89d27464b4b5810248a671895d0486f4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a748f28cb9486b22c180113d5d12668d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
lstrcmpiA
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
ExitProcess

msvcrt

strrchr
strcat
memcpy
strlen
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

DriverProc
widMessage
wodMessage

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ