b52fbbdb1f17457f9fa893d7dc6cf575_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b52fbbdb1f17457f9fa893d7dc6cf575_JaffaCakes118
Size

3KB
MD5

b52fbbdb1f17457f9fa893d7dc6cf575
SHA1

4e47052576b5508a4a8b8d480b45c128a80bde31
SHA256

bdfc58d86c475af0ab4b5c8de4658da838ad7237c020fec4bd62b18df0cbb931
SHA512

655fbcc68d7b455f64ef4166ff224fc6c874425be496febc89f9c39fbb763e6dd9adda079b984a4ecc7f9d75f5e31b0669a472127d851233eb746553fc1507bb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b52fbbdb1f17457f9fa893d7dc6cf575_JaffaCakes118

Files

b52fbbdb1f17457f9fa893d7dc6cf575_JaffaCakes118
.dll windows:4 windows x86 arch:x86

25f4cc121153e620abf56fea978d4523

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
GetSystemDirectoryA
OpenProcess
Process32First
Process32Next
CreateToolhelp32Snapshot
RtlZeroMemory
Sleep
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
CreateThread
CloseHandle

advapi32

CreateProcessAsUserA
OpenProcessToken

ntdll

_strlwr

Exports

Exports

QiDalsrr

Sections

.text
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ