94644ba1633e9f64f598076e5c2fdcc8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

94644ba1633e9f64f598076e5c2fdcc8_JaffaCakes118
Size

21KB
MD5

94644ba1633e9f64f598076e5c2fdcc8
SHA1

7d0f672fd0f7785033780afbeda7e7fda20da26e
SHA256

9b07fa3b66affdcb355fba39a158727bbdd9b21b092829e55c475288bdb1bce2
SHA512

c330ae53d2ecfc671ec42dda9ec7134301720c9ec5057030a2bfe11f355a42671b93bbe4d77ca39652b5c7507a2842298845ec2a5645a72e7d8e176711404b17
SSDEEP

384:hMcH1YMSaKfSnzxReD580yK3KKfMojA1ft2l4f4X797teWqwj6VUeKfSn0fyK3K8:V10aaGR90yK6aMWWVe4f2R7tQw2VUea3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94644ba1633e9f64f598076e5c2fdcc8_JaffaCakes118

Files

94644ba1633e9f64f598076e5c2fdcc8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

17e56da1b33bd9b243c8d8017e1fea48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
GetEnvironmentVariableA
GetThreadContext
ReadProcessMemory
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory
lstrcatA
lstrcpyA

Exports

Exports

DllMain
WLEventStartShell

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ