2989b78ac3a752bf6792ac9ac606fdf0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2989b78ac3a752bf6792ac9ac606fdf0_JaffaCakes118
Size

519KB
MD5

2989b78ac3a752bf6792ac9ac606fdf0
SHA1

98cf14886b8610160e5f811eff6bc8c4b277b496
SHA256

7db60fa41226602b7b8d67e59ff398feeba4974591d9c6f6ef8898118122c7f4
SHA512

e113cb9d51a9ba6d5cc2c9a93a1779e00505cab3c40a084894d77009a2f0ab9107e62b07440abefb1a613730a39edd4314545799717a5d938ba7d608a8adee1a
SSDEEP

12288:3snsvFrLj8Txto6UyAtYr7iffxgMhjyStqSZ4DJ:3snsvFrOxtoo8I7iXxxGGZ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2989b78ac3a752bf6792ac9ac606fdf0_JaffaCakes118

Files

2989b78ac3a752bf6792ac9ac606fdf0_JaffaCakes118
.dll windows:5 windows x64 arch:x64

1b3e8be39e6898c1a4c080feec3ae5e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

H:\Double\Door_wh\AppInit\x64\Release\AppInit.pdb

Imports

kernel32

ReadFile
CloseHandle
CreateFileA
GetFileSize
GetCommandLineA
Sleep
GetProcAddress
SetFileAttributesA
GetModuleFileNameA
OutputDebugStringA
DeleteFileA
CreateThread
LocalAlloc
LocalLock
LocalUnlock
LocalFree
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
LoadLibraryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Exports

Exports

DllMain_mem

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 509KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ