f3514a3571ae368d32a6826556500d2f_JaffaCakes118 | Triage

Sharing

General

Target

f3514a3571ae368d32a6826556500d2f_JaffaCakes118
Size

40KB
MD5

f3514a3571ae368d32a6826556500d2f
SHA1

4f2338c684c16956702ef67b8816c5b7628525bd
SHA256

eafc813403c6cfb473651cf39ae430c276de0c4b06d27f82b55a9878ab8a3103
SHA512

18ed4957b4ce1d7ac223ea27f22e3589cc1085c4c09c193f491cc8b4578894faf8b033b3ef3bf513e8fbb48dfa9281fbe2b4ef6557d2586c1e96d9f4311c636f
SSDEEP

768:azFrJuEr3IMG4+siJ2IwJGHaGF4v8ygjpBEiaIr6NOKW:azhJRLTGsiJ2LyXF4kJ1BjaI6OKW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3514a3571ae368d32a6826556500d2f_JaffaCakes118

Files

f3514a3571ae368d32a6826556500d2f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2a7e2418be8a09fc671a0ee84b34f19e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
ExitProcess
lstrcmpiA
VirtualProtect
IsBadReadPtr
GetProcAddress
LoadLibraryA
CreateThread
GetModuleHandleA

user32

MessageBoxA
DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SendMessageA
KillTimer
GetMessageA
DispatchMessageA
TranslateMessage
SetTimer

Exports

Exports

func1
func2
start

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 838B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ