3194e9119f88a66a560e9b29bd6f18aa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3194e9119f88a66a560e9b29bd6f18aa_JaffaCakes118
Size

74KB
MD5

3194e9119f88a66a560e9b29bd6f18aa
SHA1

aa4e89c3132e9bb9648594f579bc43d9157ceb9c
SHA256

91e16e5cd5e5dd15d7f4b10e724ef63b4fc4f4bb0a6a4b5095025a496463ecae
SHA512

0da951154b028b7b236967b4a5f9f69d22217cc230afc86e13a6702e2d9c6a61655001c057d23fda4244bab0e5e4daed2de7312d366519c679b8c741c7beedd2
SSDEEP

1536:WQVAmTJCAsZjFIBAaXyrhuokRgFNKeILZPd8Ne8ZREua:17TJCAsZZDbrhuokjeIZPdSlZR8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3194e9119f88a66a560e9b29bd6f18aa_JaffaCakes118

Files

3194e9119f88a66a560e9b29bd6f18aa_JaffaCakes118
.dll windows:5 windows x86 arch:x86

023a272b8ee78c816c0d4c898e5aba04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
memcpy
memset
atoi
malloc
free
_itoa
time
srand
rand
strchr

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetModuleHandleA
LoadLibraryA
FreeLibrary
LockResource
SizeofResource
LoadResource
FreeResource
FindResourceA
CloseHandle
ReadFile
WriteFile
CreateFileA
ExitProcess
GetProcAddress
GetSystemTimeAsFileTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
HandlerEx
Inst
LoadIt
ServiceMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ