0b5ed90763b82e732557ffad89939cf4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b5ed90763b82e732557ffad89939cf4_JaffaCakes118
Size

40KB
MD5

0b5ed90763b82e732557ffad89939cf4
SHA1

1716d2a1ca988dabf60b4b0337edaee599a73892
SHA256

f67786318eb21259f358a568de2a67c645f6be5fcbacb5f4ba6e3ed52a8dbc05
SHA512

ecbc051a2b5874ec7431230c0cc2bf17063dddd1936220db69c1bfc72159accd486c1ed070ce4e48bac433e1c52ea569c74e1a8858183991e7a3fa207caa0836
SSDEEP

384:b+bzHxsRg//B40l49utd4Tg+Q+ntEbOknBcDMbr3m3PSMKx:yPORGJ40l498qTPxtMyAb7ISt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b5ed90763b82e732557ffad89939cf4_JaffaCakes118

Files

0b5ed90763b82e732557ffad89939cf4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b23336594d26aef65698960beaf38d84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
??2@YAPAXI@Z

kernel32

WaitForSingleObject
LoadLibraryA
GetProcAddress
lstrcpyA
DisableThreadLibraryCalls

Exports

Exports

?DockSetValue@@YAXMMMM@Z
?InitDock@@YAX_N@Z
?IsDockBandShow@@YA_NXZ
?ShowDockBand@@YA_N_N@Z

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 537B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ