1290200e40ae16a493b89ccf4173e81e_JaffaCakes118 | Triage

Sharing

General

Target

1290200e40ae16a493b89ccf4173e81e_JaffaCakes118
Size

11KB
MD5

1290200e40ae16a493b89ccf4173e81e
SHA1

bcbc4e9515a0add11aa8cc2554545436a2ee5884
SHA256

b8813d15f9a843a555dd3fa1c83eb0965807946d61b5eae9b5b285f7d56c9ba8
SHA512

a5b056379535285731cbe59b1fd749c0cfcadcacd2a8c8337795cc6cc313fc6dd0e8cf18dd9a2ed9ef39674f9a3349274c4734f67bde8ce2300dd6cc71955511
SSDEEP

192:5N2gQuUwXzioj4KALV2upWzVd7q1QDXEbBZ8KxHdGzyS/Vx:GJoiO8V2upW7vQjS/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1290200e40ae16a493b89ccf4173e81e_JaffaCakes118

Files

1290200e40ae16a493b89ccf4173e81e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ