fab949216822ba257eb3a4d957a7d63b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fab949216822ba257eb3a4d957a7d63b_JaffaCakes118
Size

84KB
MD5

fab949216822ba257eb3a4d957a7d63b
SHA1

63c86314e9b0b65d4d40254fdde463f9fa447680
SHA256

96808dd131b0c619907488e83c3d6ea4148919edf15fa11bc5fe17190dd9a2fd
SHA512

34423e961f3d6455698eab2c3e51dc3a0fa19f7061b7f80b3274285f7e4096b504172c3a81af6c669f586bfacaf325876798c9aa619b01452db462aeacb91400
SSDEEP

1536:Rq8euBg1IqDwWFWtSBrEjHZeBQS7WPNVc+jJQ0iCsCCcKS5lq:Rq8euBKVFWSBriZ2a1e+jS0iCsCCcB/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fab949216822ba257eb3a4d957a7d63b_JaffaCakes118

Files

fab949216822ba257eb3a4d957a7d63b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

628d8f2cfae0bd9eaaa8b751cae383ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
SetSystemTime
FindAtomA
FindActCtxSectionStringW
GetStartupInfoA
GetTempFileNameA
CreateMutexW
SwitchToThread
WriteProfileStringW
OpenJobObjectW
GetTempPathA
RtlMoveMemory
SetEvent

shell32

SHGetPathFromIDListW
SHGetFolderPathW
SHOpenFolderAndSelectItems
SHFileOperationW

Exports

Exports

mciMainClock

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ