d0e3a8d8aa347cd2d443fba0ad653138_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0e3a8d8aa347cd2d443fba0ad653138_JaffaCakes118
Size

11KB
MD5

d0e3a8d8aa347cd2d443fba0ad653138
SHA1

499b866fbc5ea2ac158388d1c574d993fe95048b
SHA256

94a8ffcfe04f5ed28a0033a91a7149f90ed47a1bf273aa9762fa9a1f3edbf39c
SHA512

b7edba0613ee7e4bd0c72e533d5e5e7834cce26a42a870b2fd5f97b043d4f6f7f36bea3d422c152ad81cc5d33f39632387063f78c462a11ffa34968f3202defb
SSDEEP

192:Ed5uvfII0UBuJtZgH4tHhR6BmKtjSM+TEIlygx:Ed8vfv0ntZYYUSJlygx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0e3a8d8aa347cd2d443fba0ad653138_JaffaCakes118

Files

d0e3a8d8aa347cd2d443fba0ad653138_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aed258f13923c817c70925e1176bdedb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
SetThreadContext
VirtualFree
WriteProcessMemory
GetThreadContext
VirtualAlloc
VirtualAllocEx
CreateProcessA
DisableThreadLibraryCalls
GetTickCount
GetProcAddress
LoadLibraryA

msvcrt

_initterm
malloc
_adjust_fdiv
free

Exports

Exports

StartProcessAtWinLogon
StopProcessAtWinLogoff

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ