00e9049b0b45006c57a5a4210357ba5b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

00e9049b0b45006c57a5a4210357ba5b_JaffaCakes118
Size

25KB
MD5

00e9049b0b45006c57a5a4210357ba5b
SHA1

cf024f9752e818bd5a6b72ed14356f2862e920f0
SHA256

020dc1ed5b0d2b80c537c6ea5a26d672960ce81472dc5ecb02114929368c877d
SHA512

16c2f57ebf62495c97042b4ae98ecbf21c596f61ebb02f6d92be901fea12a7391c329f8c592810895bf93be71a80ffe2a6a41cf3e2dd1aa2239e1500afb84848
SSDEEP

384:uKUtss/z4117nNXZG4kfhXapNeHoXKzOQcG4apnY1d0cnf0224t:esX1RpxpGOQc9ai1dlf022Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00e9049b0b45006c57a5a4210357ba5b_JaffaCakes118

Files

00e9049b0b45006c57a5a4210357ba5b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ce0ab8262bc68491a107c4cb2781aff3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
SetLastError
lstrcmpiA
GlobalFree
GlobalAlloc
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetSystemInfo
CloseHandle
Module32Next
Module32First
CreateToolhelp32Snapshot
GetCurrentProcessId
VirtualQuery
WriteProcessMemory
GetCurrentProcess
VirtualProtect
lstrcpyA
lstrlenA
GetVersionExA
GetLocalTime
lstrcpynA
GetProcessTimes
Sleep
CreateProcessA
GetSystemDirectoryA
GetLastError
CreateMutexA
lstrcatA
WriteFile
CreateFileA
ReadFile
GetFileSize
RaiseException
ExitProcess
GetCommandLineA
GetTickCount
DeleteFileA
SetFilePointer
GetSystemTime
RtlUnwind

Exports

Exports

ControlProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ