e7a59af68753d52fee5e4237f7caa5a8_JaffaCakes118 | Triage

Sharing

General

Target

e7a59af68753d52fee5e4237f7caa5a8_JaffaCakes118
Size

39KB
MD5

e7a59af68753d52fee5e4237f7caa5a8
SHA1

deeb4dbd642731d680eb30f4899d1b56631c1be2
SHA256

e450ce9acabc2f7a37ba3583fc587dc8041dcef6d7b0049b342b793d2e554ad1
SHA512

e567a4a48dfabe71549dcf92bce3b49cd1b97815829a36eea7658a919e6a64f9a346ad65822952ff8776810c909cb6ec84da9624e2766974ddfe5064ee0ed9ad
SSDEEP

768:5iT/u+rgDUNaT2y7SSQxlIs+C3UKqxRr+ul9Mi69dPHFpxlMDix+XaDx:UT/u+rgD7D1Q0s3D4Rr+ub0xzjkI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7a59af68753d52fee5e4237f7caa5a8_JaffaCakes118

Files

e7a59af68753d52fee5e4237f7caa5a8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

034a75c995b7e58c9110f98b2218e794

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
ExitProcess
LoadLibraryA
IsBadReadPtr
VirtualProtect
lstrcmpiA
GetProcAddress
CreateThread
GetModuleHandleA

user32

DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadIconA
LoadCursorA
SendMessageA
KillTimer
GetMessageA
DispatchMessageA
TranslateMessage
SetTimer

Exports

Exports

func1
func2
start

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ