face5df3ee253ff4859028fe6b6c3f12_JaffaCakes118 | Triage

Sharing

General

Target

face5df3ee253ff4859028fe6b6c3f12_JaffaCakes118
Size

10KB
MD5

face5df3ee253ff4859028fe6b6c3f12
SHA1

4ef2c151b78f149a7b2dd417ae5c4e0210634c05
SHA256

40a64bee1d1a955a16de09dd14ea7c28c3f3bfe3eb32ab434b0e2dad99bdbda4
SHA512

dfedb0d055075cbde2a39ff20c3b828cbf0c0b844479631f32b75df4663f33ec765fc514db34e106c108d0a42728e08615d33a255f36af4a85673487916598cb
SSDEEP

192:qFz/ZyKnfjTABUkqs18tZ8bIyzVeGTPMSR1W9kRlm:Mn7TKzoLVsR1W9kRlm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
face5df3ee253ff4859028fe6b6c3f12_JaffaCakes118

Files

face5df3ee253ff4859028fe6b6c3f12_JaffaCakes118
.dll windows:5 windows x86 arch:x86

71091fa03929b06e05414455c0ae7787

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlRandom
atoi
RtlComputeCrc32
strcpy
memcpy
strcat
memset
strlen
sprintf

shlwapi

PathCombineA

kernel32

HeapValidate
CreateThread
Sleep
TerminateThread
GetModuleHandleA
LoadLibraryA
GetPrivateProfileStringA
GetProcAddress
GetPrivateProfileIntA
IsBadReadPtr
HeapAlloc
HeapFree
GetProcessHeap

shell32

SHGetFolderPathA

Exports

Exports

Init
Start
Stop
TakeBotGuid
TakeGateToCollector

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ