32348499a5ecabdff9a8d8798a3c5328_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32348499a5ecabdff9a8d8798a3c5328_JaffaCakes118
Size

22KB
MD5

32348499a5ecabdff9a8d8798a3c5328
SHA1

9eafee8bb54cbacd8472b850462ff833f5e6e8ea
SHA256

e9914a2810f7194547da0f825d0786304b9eb4305536697e3f8becb8bcd23cb2
SHA512

d3117bc378c0969d9132be0f764c1c4d43238fa65ccb58b296e31ef0c374655ba8b18dbba46344bef7452defadbaa62526e9ece9e4552660440be4314f254fb0
SSDEEP

384:o4sVmJOxbK1hJVUwPdRiThhnX0A+TQFOj1muyMn+7S7aszNSXzvNrGWl:oNO4bKjUCRirITQFOj1muy2+7S7aszN8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32348499a5ecabdff9a8d8798a3c5328_JaffaCakes118

Files

32348499a5ecabdff9a8d8798a3c5328_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9a4d00436e3bdcd635f0a3f656e4a2ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetLastError
Sleep
lstrcmpiA
lstrlenA
CloseHandle
lstrcpyA
GlobalAlloc
GlobalFree
DeleteFileA
FreeLibrary
LoadLibraryExA
SetFilePointer
GetModuleFileNameA
GetModuleHandleA
lstrcatA
CreateThread

Exports

Exports

LoadGraphics
StartVM

Sections

.text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ