3445d549b0eb08141f82b2fba10d3241_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3445d549b0eb08141f82b2fba10d3241_JaffaCakes118
Size

128KB
MD5

3445d549b0eb08141f82b2fba10d3241
SHA1

be7b0f170fe0d64f34f38d8d8e03293495f9457c
SHA256

abee40aacb2fbb3248137c01507b626023723644f1dc3f3a7c261a6e88625338
SHA512

f66d84fe773c559ba7abe584f03d3d4a3e2213f3985c91c6fa466f6e28709aaef7552bb6b0918f14cb111bac35a8ae6f2685113f61c4a9bfa79f03720a9590b1
SSDEEP

1536:MEpTORPmwoiOz1Q7lmAOYxlCZfqjGzqK7x4papVDhp:Mn5oVQezfqKzqyFlp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3445d549b0eb08141f82b2fba10d3241_JaffaCakes118

Files

3445d549b0eb08141f82b2fba10d3241_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b1702f550824b82f271ee712ef47351c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapDestroy
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
DisableThreadLibraryCalls
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
RtlUnwind

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ