f632bb5ef84530afd7846ada646e2019_JaffaCakes118 | Triage

Sharing

General

Target

f632bb5ef84530afd7846ada646e2019_JaffaCakes118
Size

25KB
MD5

f632bb5ef84530afd7846ada646e2019
SHA1

25ffeffc97ae0234080870d5840e14ccb1bb6b85
SHA256

10eb5985540586639e21c1668092cd79cf266711faaeeb9c1f1c02fbbd5de41f
SHA512

a8bbcfa2ed9376f85f08fd241b9f68919825b2bbbbdb217b2a211ff55357134b74b4459551b2da27329dcd083e0e54ceb1527cd496bc2b5b84252e189afb071a
SSDEEP

384:yGlE0UW7F8T11EQOXKke85dL3tpGEPsjeiaUTtTWRrqt4kJcLwr:yeuLEQOak7L3ETt5vJMM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f632bb5ef84530afd7846ada646e2019_JaffaCakes118

Files

f632bb5ef84530afd7846ada646e2019_JaffaCakes118
.dll windows:6 windows x86 arch:x86

3eed3ab188942d448f71a3f74e7775f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??1type_info@@UAE@XZ
??3@YAXPAX@Z
memcmp
free
??2@YAPAXI@Z
strrchr
isdigit
_beginthread
strstr
_itoa
fwrite
printf
atoi
fseek
ftell
fread
fopen
fclose
_strdup
fprintf
strncpy
isalnum
strchr
sprintf
tmpfile
realloc
malloc
memcpy
_strnicmp
memset

psapi

GetModuleInformation

kernel32

CloseHandle
CreateMutexA
OpenMutexA
GetCommandLineA
WriteFile
GetModuleHandleW
CreateFileA
OutputDebugStringA
Sleep
lstrlenA
WinExec
GetFileAttributesA
VirtualProtect
lstrcmpiW
GetModuleFileNameA
GetCurrentProcess
lstrcmpA
GetProcAddress

advapi32

RegOpenKeyExA
RegQueryValueExA

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ