056d53042ec29d340a6984eee137d48f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

056d53042ec29d340a6984eee137d48f_JaffaCakes118
Size

233KB
MD5

056d53042ec29d340a6984eee137d48f
SHA1

3db42582c74cd9df5aa3a0754f85315a2f669004
SHA256

9a39e1d0afa37bce2e2717156f28a5cafd8888a03bcb875ee503f5b784cd8c0a
SHA512

453aec76a5f4a8a0e8f5c66fe7439ce41d3718504b1480c1604eaf045c7811a5af00ebc4645ca8ceafc811ed31040cb8ce3a8fe5f2ee977c0dd72197d63a4d10
SSDEEP

6144:a5gVFJNZN+RpkCTlh9izCTQiZDamzYODpP4ib2B7:a56ZN+RpkTzCnZvVzah

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
056d53042ec29d340a6984eee137d48f_JaffaCakes118

Files

056d53042ec29d340a6984eee137d48f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7b9197cb192d549610776bfb9b2d0d53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
CreateFileA
CloseHandle
ReadFile
SetFilePointer
WideCharToMultiByte
IsDBCSLeadByte
GetLastError
GetVersion
FindClose
FindNextFileW
FindFirstFileW
DisableThreadLibraryCalls

user32

CharLowerA
CharNextA

msvcrt

fread
fseek
_stricmp
memset
__CxxFrameHandler
free
strcmp
malloc
strcat
strlen
strncpy
realloc
_errno
??2@YAPAXI@Z
strcpy
memcpy
strrchr
memmove
abs
getc
_fsopen
_strdup
ftell
fclose
fopen
fwrite
_fdopen
strchr
fputc
calloc
strstr
_wfsopen
mbstowcs
??1type_info@@UAE@XZ
strncmp
wcscpy
_initterm
_adjust_fdiv

Exports

Exports

RF_create
gzip_writefile
readerSource

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ