1b5ab9234d9aaafa0177603fd3a2fc1c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1b5ab9234d9aaafa0177603fd3a2fc1c_JaffaCakes118
Size

204KB
MD5

1b5ab9234d9aaafa0177603fd3a2fc1c
SHA1

cc845969026f865ddc946c9856e4aa2dac462b10
SHA256

403e6488558495da59809311f7301ba702adc8f25a581ff279f56d9d62e8ac53
SHA512

7c343c8fb5f47e94c94bafcee64d2a73ea92e4ae522dc27b15a720d7e34ee73340b3b5819287a7f2a6c7a109a72a6605e32f1de4334983e54018829bbac72af9
SSDEEP

3072:4WqHHz1kO1izYjTQzG8kDgFmzDMOzjNTdpYKvAibqzdWPEAKkiSW:yHTf1izCTQiZDamzYODpP4ib2BB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b5ab9234d9aaafa0177603fd3a2fc1c_JaffaCakes118

Files

1b5ab9234d9aaafa0177603fd3a2fc1c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4a5a0788dd394d973d9ab30f198e4e19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

realloc
malloc
free
__dllonexit
_onexit
??3@YAXPAX@Z
_adjust_fdiv
rand
_purecall
??2@YAPAXI@Z
memmove
strchr
_initterm
_stricmp
_putenv

kernel32

GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
DeleteCriticalSection

user32

SendMessageTimeoutA
CallNextHookEx
UnhookWindowsHookEx
GetSystemMetrics
CharNextA
SetWindowsHookExA

Exports

Exports

RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ