f20739c8aef1159fb4e671d991b18856_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f20739c8aef1159fb4e671d991b18856_JaffaCakes118
Size

256KB
MD5

f20739c8aef1159fb4e671d991b18856
SHA1

721054640f98b2d3dc49466b2dc22795fcc459f1
SHA256

665f77d2bd27b77e9eafe7cdc7385f00434422a27e00fe46349b6aff9d0be9d2
SHA512

aeb399ecb33e85439a35afcaeb8b1098914eab4c95025875f4e7bc6cf1c28ba18aa9a1c8055558c48b7ff622da83ede2f90f6840964415c959e769403bdc463b
SSDEEP

6144:bc4FaFGHfuAUijtgTeN7dMx/AI2oOBI78xSU0LPL/g+hgU+f0vA5+G+evl3J2zFk:bsg2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f20739c8aef1159fb4e671d991b18856_JaffaCakes118

Files

f20739c8aef1159fb4e671d991b18856_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b1f4c9039615c96d2b7e14a5a2964b50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
malloc
_adjust_fdiv
_initterm

user32

DefWindowProcA
GetMessageA
ShowWindow
MoveWindow
CreateWindowExA
RegisterClassExA
DispatchMessageA
TranslateMessage

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

dnsapi

DnsFlushResolverCache

kernel32

lstrcpyA
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
CreateThread
lstrcatA
FindFirstChangeNotificationA
WaitForSingleObject
FindCloseChangeNotification
Sleep
UnmapViewOfFile
GetWindowsDirectoryA
GetLastError
CreateMutexA
TerminateThread
WriteFile
CloseHandle
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceA
CreateFileA
SetFileAttributesA
ExitProcess

Exports

Exports

Main

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ