0e9ebcc9c2a1081acbd034a8e9ea3198_JaffaCakes118 | Triage

Sharing

General

Target

0e9ebcc9c2a1081acbd034a8e9ea3198_JaffaCakes118
Size

12KB
MD5

0e9ebcc9c2a1081acbd034a8e9ea3198
SHA1

92d1b09d45e71be3da68918cc8fe6e68e2b92a18
SHA256

20d5912a1c351ef68b7763b04e786738b9a7cd14c68d174e74adc8ec6ad8ddb9
SHA512

fcce786a124d03709cb6981117e9cc4d063aa7b37ae3614421ae5a000cd52232593fd48eb275d41143510ecd2f666c87c2618a3ec0dc399b415630e072fc93b5
SSDEEP

192:VEJpMYjF0k/O5KtwAC0mf/hawCIHCp1Di4cZgYHe:uXMVaO5Ktw8E/FxHADiZe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e9ebcc9c2a1081acbd034a8e9ea3198_JaffaCakes118

Files

0e9ebcc9c2a1081acbd034a8e9ea3198_JaffaCakes118
.dll windows:5 windows x86 arch:x86

39edaf7a25170afe217217949b34fe18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetProcAddress
lstrcmpA
MoveFileExA
Process32First
GetSystemDirectoryA
GetTempFileNameA
LoadLibraryA
OpenMutexA
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
IsDebuggerPresent

user32

CopyIcon
FindWindowA
LoadCursorA
GetWindowThreadProcessId
EnumWindows

Exports

Exports

Exucute
SetXXX

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ