2b480400fd7d8ceb31c019581ba2e945_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b480400fd7d8ceb31c019581ba2e945_JaffaCakes118
Size

12KB
MD5

2b480400fd7d8ceb31c019581ba2e945
SHA1

c5a4a634a80a6b141eecc0f98c5890cc08efe6f5
SHA256

6df757048c8798ff29ceb658d59d447912f0326e283aae1d5e70f4f10917e7e6
SHA512

4e2b81eb4b6e181a3498cb9952b63cf0d9a1324fdc2bd511709f9becd34e2b5a25b63342b8d611d4925322ea41ad75fe1bdee8257e2ad5eca04ab18fc637f6f9
SSDEEP

192:5NuPgwQS1SqP8+siERAlBjrsorQrHP79QapgiUzSI/5:nuPo7qPx1EClxrssQLT9LgV2IR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b480400fd7d8ceb31c019581ba2e945_JaffaCakes118

Files

2b480400fd7d8ceb31c019581ba2e945_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2e82e80a74679c86afcbfaddb1ea4b6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winnof32

WinNOFCleanup
WinNOF
WinNOFStartup

kernel32

GetLastError
CreateFileA
Sleep
CloseHandle
DeviceIoControl
MultiByteToWideChar

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msvcrt

sprintf
malloc
free

Exports

Exports

close_perfmon_dll
collect_perfmon_dll
open_perfmon_dll

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 170B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 278B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ