23dc6b00c667c35b2ef148cb89d88044_JaffaCakes118 | Triage

Sharing

General

Target

23dc6b00c667c35b2ef148cb89d88044_JaffaCakes118
Size

168KB
MD5

23dc6b00c667c35b2ef148cb89d88044
SHA1

9930cc2da5e137b9547013439a66126814b8fe7f
SHA256

2b8c606fb94351e012265f06a14d607e1483559e90d79fa3e88affc564e38dc6
SHA512

fce4827f438084fd8156b14d5b4ab26331e1564e1b69c413140993271bd3081a337df919de8446f11d512672a4563383c7eb372cf2ae4179847c8578d0aabfe8
SSDEEP

1536:cA+59ThMvknNHjWaysTNr52AdTWyObELQeFdW1d+4YjalslFolctsnb/Lngntlby:zvknNDWkH2OTXKs5dWP+4ikcCb/LgD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23dc6b00c667c35b2ef148cb89d88044_JaffaCakes118

Files

23dc6b00c667c35b2ef148cb89d88044_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d778d5d29c763854f5ce84d6f3c0bbde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\src\loc_rp11dll\cn\rjfade_cn.pdb

Imports

kernel32

VirtualAlloc
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
LoadLibraryA
SetErrorMode
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
GetSystemTimeAsFileTime

user32

GetSystemMetrics
CharNextA

msvcr71

sprintf
printf
malloc
free
realloc
_stricmp
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
__security_error_handler
??3@YAXPAX@Z
??2@YAPAXI@Z
strrchr
_putenv

Exports

Exports

CleanupResourceLoader

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 922B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ