3654f3088e0a02e4dd390a54b6f4768d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3654f3088e0a02e4dd390a54b6f4768d_JaffaCakes118
Size

7KB
MD5

3654f3088e0a02e4dd390a54b6f4768d
SHA1

34491d07aa1c023e207a81bc5175a0d62486588b
SHA256

7b8e7ccacef43e1b1d385ff30f2b6932fb0547f374ab36455afa5c50fe86f2d1
SHA512

0f18456b470257d501dda1060d932fd0dbbb63e717b5e58bcf05576b23767f7c71bad5426ad57fcb4ef722a533fb6244d3a70bda2fb8f7c5c53d77810aec9ae3
SSDEEP

96:hW137tXcfuuOCFbc7Qn+dFD8ggiy0JEkCdiyTonYe1xguQ7gxlhR:hyLtyuuOo8rdFg5iJ+pigoBvX3R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3654f3088e0a02e4dd390a54b6f4768d_JaffaCakes118

Files

3654f3088e0a02e4dd390a54b6f4768d_JaffaCakes118
.dll windows:5 windows x86 arch:x86

fb746f4c42e7fde8f282f9768b0ccac3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\WORK 源码\c9\Release\c9.pdb

Imports

kernel32

GetModuleHandleA
CreateThread
VirtualProtect
VirtualAlloc
Sleep
CreateFileA
ReadFile
CloseHandle
TerminateProcess
lstrcpyA
GetCurrentDirectoryA
lstrcatA
WriteFile
lstrlenA
WideCharToMultiByte
lstrlenW
GetPrivateProfileStringA
OutputDebugStringA

user32

CharLowerA
wsprintfA

ws2_32

inet_addr
connect
closesocket
socket
WSAStartup
recv
send
htons

msvcrt

strstr
atoi
memcpy
memset

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ