158d28f834740093e2319d2cc69ebfb4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

158d28f834740093e2319d2cc69ebfb4_JaffaCakes118
Size

252KB
MD5

158d28f834740093e2319d2cc69ebfb4
SHA1

edc62ea259962b3446cf8c68bbee8feeedd5444e
SHA256

816260135d39ce7774acb6ffa2e8d8504e1f75233b58e785638c90dc69010d98
SHA512

13b93b62e3d268ba4e2671a96a5e7665c3c1485d6d8192b1d20f50efcf0584eb072ac3a782170e088561a5b15017c7817d09b1cfc58352259d195ee8315a19ca
SSDEEP

6144:CNfnLuPPhblgehWDl5JNUqV/A6z8UeX3082EDP:afLuPPVLwDLdBzVeXqED

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
158d28f834740093e2319d2cc69ebfb4_JaffaCakes118

Files

158d28f834740093e2319d2cc69ebfb4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4f3bfcc6cfe788acf79086c2c2f1c310

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualQueryEx
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

CallWindowProcA
MessageBoxA

advapi32

RegOpenKeyA

shlwapi

StrStrIA

ws2_32

WSAStartup

Sections

.text
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

sdg3hb0
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdg3hb1
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdg3hb2
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ