Static task: static1
Behavioral task: behavioral1
Sample: 0457b5d0ab24bca08bf0e1cc35716f49_JaffaCakes118.dll
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 0457b5d0ab24bca08bf0e1cc35716f49_JaffaCakes118.dll
Resource: win10v2004-20240611-en
General
Target: 0457b5d0ab24bca08bf0e1cc35716f49_JaffaCakes118
Size: 28KB
MD5: 0457b5d0ab24bca08bf0e1cc35716f49
SHA1: e666220221e9ab1c88788916a82600a89c9e8ea9
SHA256: 6482d1a442d6976a4935e82ef992b09d6f5ffbe34fb5ca3e034cb07ddfe56b0d
SHA512: 226c576c9706a37054030a7eda294e4caf5fc3b502a703d21c6f936f519c0b50b98cf87121515c6dd92ec316b4e031c335a41e2b37503d41b0a177a96a541db7
SSDEEP: 192:/OA3dPHP9Bf9ZA4hSE2gUxPw4zyEkUkfoT/Bufpmguk80CaLCazt3:/7PP4E2dPwtNUlT/Buxruk8ULCI
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0457b5d0ab24bca08bf0e1cc35716f49_JaffaCakes118
Files
0457b5d0ab24bca08bf0e1cc35716f49_JaffaCakes118.dll windows:4 windows x86 arch:x86
cff0d52ffc308b6797bfd204ba5ebde6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
_adjust_fdiv
malloc
_initterm
free
strcat
strlen
atoi
memcpy
strstr
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
_strlwr
kernel32
GetCurrentProcess
TerminateProcess
lstrcpyA
CreateThread
GetModuleHandleA
Sleep
LoadLibraryA
GetTempPathA
CopyFileA
GetProcAddress
GetModuleFileNameA
lstrlenA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
WriteProcessMemory
VirtualProtectEx
Sections
.text Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 776B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 630B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ