b64ea168222ab037f5cc3760d010ecfb_JaffaCakes118 | Triage

Sharing

General

Target

b64ea168222ab037f5cc3760d010ecfb_JaffaCakes118
Size

16KB
MD5

b64ea168222ab037f5cc3760d010ecfb
SHA1

d95b659c9cfbddabfc70d0d347f82f3202440f66
SHA256

4aee09e27fea242b14f30414a5fc7be204609f094172ff707d9856d1b4d33948
SHA512

1af6deac927c45fd95c606c3510e5eeae7d344421e79ee5a0148e90eee95406d690f65e326d4144a3bb08642a6dcf65d852bd81bf243e2ccb76d6b84428bc519
SSDEEP

384:Sb/4QbBefUbh8XKhcdjlNkrgPI4O0lCK:SrCqmjlN3kO5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b64ea168222ab037f5cc3760d010ecfb_JaffaCakes118

Files

b64ea168222ab037f5cc3760d010ecfb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

17e56da1b33bd9b243c8d8017e1fea48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
GetEnvironmentVariableA
GetThreadContext
ReadProcessMemory
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory
lstrcatA
lstrcpyA

Exports

Exports

DllMain
WLEventStartShell

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 94B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ