12c3ad402158531c55b7e0f3f20fe450_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

12c3ad402158531c55b7e0f3f20fe450_JaffaCakes118
Size

9KB
MD5

12c3ad402158531c55b7e0f3f20fe450
SHA1

afe77ab4989f2b243bd1a50eb5450d2fd2403486
SHA256

cfc97399dc6e32fce20dc9b8b2e1bac1fb0d0a22676e1f48e67c10c32e8fd6b0
SHA512

e2f35a3a0f8a2f68d4e27fa6d3769160c1d733fa3940bc5191ac1460d812db60908365eaa438e9a2076eab074eb905ec831471f894bdf45160f61106370293cb
SSDEEP

192:j/jF3wTJsWPlSI5gTPRsvPb8PNavX/hjGWogt:bhZBjRkQNAX/kWogt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12c3ad402158531c55b7e0f3f20fe450_JaffaCakes118

Files

12c3ad402158531c55b7e0f3f20fe450_JaffaCakes118
.dll windows:1 windows x86 arch:x86

123363ea8a7c2702f70b7b6f357e8b6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
LoadLibraryA
GetModuleHandleA
GetProcAddress
VirtualProtect
GetModuleFileNameA
CreateFileA
WriteFile
CloseHandle
OpenMutexA
CreateMutexA
DisableThreadLibraryCalls

msvcrt

malloc
free
_beginthread
_strdup
strtok
strcpy
strstr
fopen
fread
fseek
ftell
fclose
sprintf

Sections

.barsc0d
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uninit
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ