0e253536bc73836abd28d14b6edcc554_JaffaCakes118 | Triage

Sharing

General

Target

0e253536bc73836abd28d14b6edcc554_JaffaCakes118
Size

52KB
MD5

0e253536bc73836abd28d14b6edcc554
SHA1

362f157074b51e48f54de451b9e78376ebdab081
SHA256

178308e30a7693c04f1c21dda77d72e6209fcbe9c532f435af62e4d42b0a7105
SHA512

c5ff292ca2750233669a090d32182cf25709672568b3ea15913a9af5b4fb552c75caab9582022f994467d6afef639d7051fa5aa4c27676c672d931c587082425
SSDEEP

768:gM83EuEeqN+uvHoyHu85zb1+cdB/Myka:vWqHHf1BUcAyk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e253536bc73836abd28d14b6edcc554_JaffaCakes118

Files

0e253536bc73836abd28d14b6edcc554_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4a5a0788dd394d973d9ab30f198e4e19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

realloc
malloc
free
__dllonexit
_onexit
??3@YAXPAX@Z
_adjust_fdiv
rand
_purecall
??2@YAPAXI@Z
memmove
strchr
_initterm
_stricmp
_putenv

kernel32

GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
DeleteCriticalSection

user32

SendMessageTimeoutA
CallNextHookEx
UnhookWindowsHookEx
GetSystemMetrics
CharNextA
SetWindowsHookExA

Exports

Exports

RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE