b0958d20f605a5bc76d51934b752d1a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0958d20f605a5bc76d51934b752d1a9_JaffaCakes118
Size

24KB
MD5

b0958d20f605a5bc76d51934b752d1a9
SHA1

da0ae0ee5ceb5b51b59f4a9d5b2328af35978999
SHA256

9cb6e7e7af28061ad578e5daa2fe3cb5c58ad4e9c92c7f7818aeca0e2a72ea87
SHA512

88365130b8ecc4b1ec0c6a4b1a0087f34058dd0be12040dc72e5e26a035d9a25400417ce9f5e9556c097a3f0205b54b6754d94b2f21a18ce6de92a2efacc7a3e
SSDEEP

384:l0xQW9meqik9I6SsgjaROAPgME1nEeX47lb6D0KNffNtcJMPIB7C:gDUhgGROAPC1ZX471fzvB7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0958d20f605a5bc76d51934b752d1a9_JaffaCakes118

Files

b0958d20f605a5bc76d51934b752d1a9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ee9c2e7eec9fb43ccc2fc2d55d24b77f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc

dhcpcsvc

DhcpEnumClasses

user32

MessageBoxA
LoadStringA

ntdll

NtAddAtom

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE