ad44e5c1f53a11a41bce668ce5cf0384_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad44e5c1f53a11a41bce668ce5cf0384_JaffaCakes118
Size

276KB
MD5

ad44e5c1f53a11a41bce668ce5cf0384
SHA1

961a36bf7e13ed62f64292a8dc393f421e04c72d
SHA256

3acac1ca41d1b88f265df47e103be40a343543dc68247e888126c4e669ed834b
SHA512

37dbde563da6af2377f200dffcff8103b54ca5f964713ef0e06c95b151389491f4090fb569dbb471e92375352488452d87abd2bb430dbf7cd001b1aa174e1892
SSDEEP

6144:Gei29DNqa99QrNpqUtCXoBzWXvU/2IFHi4iRiNG0XCt5XJC/UlP0lZu:thqaTQrNsg/zWXv05di4AiNG0gXgLZu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad44e5c1f53a11a41bce668ce5cf0384_JaffaCakes118

Files

ad44e5c1f53a11a41bce668ce5cf0384_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8309654449eba53a819910748632ecfa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_alldvrm
_allmul
strstr

kernel32

DeleteFileA

Exports

Exports

SFFD
SetBotParameter
Start

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ