ffbd431919d2d8b79b04a9b079f90877_JaffaCakes118 | Triage

Sharing

General

Target

ffbd431919d2d8b79b04a9b079f90877_JaffaCakes118
Size

15KB
MD5

ffbd431919d2d8b79b04a9b079f90877
SHA1

1b527f10fe3628b05ac2ad1a219d148fab131db7
SHA256

2011f312c1e2737d694a80d85fe170fab48dbf982ef4a737d98d252fe2b096c7
SHA512

e9fda26a06c7fe684927e7aef30804aa7a6168d0ab413e7cdcc49e021e2db45d8386dd4905688ca3e851cf885f7bcab841faea72ef4d2b9194a941b9ed2c7d6e
SSDEEP

384:vwxeK+N437qOdgvk5/vsVTTXX3FiRrIRgNl:vwxeK+Nqjdck1sV/FiRSg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ffbd431919d2d8b79b04a9b079f90877_JaffaCakes118

Files

ffbd431919d2d8b79b04a9b079f90877_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b79f9b181e53b8dccb4c4bb13f08e34a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess

ntdll

ZwOpenEvent
_snprintf
_stricmp
strchr
RtlImageNtHeader

Sections

.code
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.code1
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE