292b5a6e2104d7bbffc27b9c26ac18c6_JaffaCakes118 | Triage

Sharing

General

Target

292b5a6e2104d7bbffc27b9c26ac18c6_JaffaCakes118
Size

20KB
MD5

292b5a6e2104d7bbffc27b9c26ac18c6
SHA1

4b68ead5a9fa4e561039013c4ae6460286601f9f
SHA256

b91b0c989653fc38623e4954a9117f2a49bf7388fb9d2222d60e8e1541d5b646
SHA512

b30a9a0473dce77faae392db9114472cfcf0c54814350fa6c0a06d6bf29dcb064ae28260232dc1e8e0d815772002499f69349e881dd1800dac44856ee47a7a0f
SSDEEP

384:e2yYghZLs3u4LOL3OKma+8B90/MuA512scepOjwP7NiG6SsakkxIB:e21gvwkL3wcBi/MuAWhEjwGDRxI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
292b5a6e2104d7bbffc27b9c26ac18c6_JaffaCakes118

Files

292b5a6e2104d7bbffc27b9c26ac18c6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

416576bb6995eecd89771ce86d780f1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

strcpy
_wcsnicmp
memcpy
strcmp
RtlImageDirectoryEntryToData
RtlImageNtHeader
strstr
strncpy
memset
strcat
strlen
_strnicmp
_chkstk

kernel32

MoveFileA
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
HeapValidate
HeapFree
HeapReAlloc
HeapAlloc
HeapCreate
VirtualProtect
VirtualFree
VirtualAlloc
TerminateThread
CreateThread
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
WriteFile
GetTempPathA
DeleteFileA
GetSystemDirectoryA
GetModuleHandleA
Sleep
DisableThreadLibraryCalls
GetModuleFileNameA
CreateMutexA

user32

MessageBoxA

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ