25ff690472eac4c928d7eaffc87476e4_JaffaCakes118 | Triage

Sharing

General

Target

25ff690472eac4c928d7eaffc87476e4_JaffaCakes118
Size

56KB
MD5

25ff690472eac4c928d7eaffc87476e4
SHA1

1f7a4565281381ce1741cda51f9552d9ae1cc4c6
SHA256

a33b2a3d24aecec1e07675c21bb5e03c04d9f4fa175a6e3a9ba2ce35ecaac6b5
SHA512

385b6e40f100900b3e411d2e7ce7e27add92fa012ea39b08e2161c25b42352b768a53d43c2c77b77583a66649c8bc11a71f74c15373e457b689f5b412d40b393
SSDEEP

1536:G+ItHAg0Y+WiABVQohIpNhqCdP84iODD7a8CTb:yJAm+WiABeohIpNnva8CTb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25ff690472eac4c928d7eaffc87476e4_JaffaCakes118

Files

25ff690472eac4c928d7eaffc87476e4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b6f38aaa35f5a853035e3d5b330eec2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
_snprintf
_memicmp
memcpy
strrchr
memset

kernel32

LocalFree
DisableThreadLibraryCalls
InterlockedIncrement
GetLastError
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
VirtualAlloc
lstrcpyA
MultiByteToWideChar
LocalAlloc
LoadLibraryA
VirtualFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllPreTranslateMessage

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ