f59e1979b673348cafd472b0470d595d_JaffaCakes118 | Triage

Sharing

General

Target

f59e1979b673348cafd472b0470d595d_JaffaCakes118
Size

7KB
MD5

f59e1979b673348cafd472b0470d595d
SHA1

a8c54ae7e32a06dd58ed8926d34a8a48ef03da11
SHA256

47a436ff52c0b1d37f951a7e5ca185d136bacf7043e5c581c9d2bd94ff843969
SHA512

1032b1844590b37e0015dccd067e95c7065923daf52e72c56c66bfd2e2c2ce81cd0cb0af8703ed679f2af5921df3f6c8a26be82f9df8e9aabe5164ed6176e868
SSDEEP

96:PHWaQTNCWRcX4r06S9IdHt5//FkUhP68J:PkCWK99IdHttOYS8J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f59e1979b673348cafd472b0470d595d_JaffaCakes118

Files

f59e1979b673348cafd472b0470d595d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a28e982603ea927c6ed832b1172f4ea4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
GetModuleHandleA
GetProcAddress
GetThreadContext
ResumeThread
SetThreadContext
Sleep
VirtualAllocEx
WriteProcessMemory

msvcrt

__dllonexit
_errno
clock
fflush
free
malloc

Exports

Exports

ExecutePayload
code
inline_bzero
sc

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 788B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 125B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ