394f0c4210e05cf40cddac449d5c804d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

394f0c4210e05cf40cddac449d5c804d_JaffaCakes118
Size

65KB
MD5

394f0c4210e05cf40cddac449d5c804d
SHA1

3f0bae20449d4d9c6e04c1d3668b8659758ce7d6
SHA256

b045c6c5e635c85b44f53bc27767b4bd08c7ae920ea245da4c3a6e361e6f676c
SHA512

e7f64ef6d624118b06b8616a7b52f671aff4f0b8557af0dba8e4df82d7f31fb1922249698622dfcccdf91b694ebd6125786072c243f2faaad0b7af4d34609a97
SSDEEP

1536:f18Jj2Zo0qAI6bszZkZBwG5Ivs8GxNR93bk/:f6qFqAqZOBIvs8GxNY/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
394f0c4210e05cf40cddac449d5c804d_JaffaCakes118

Files

394f0c4210e05cf40cddac449d5c804d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e04ea6f7969c008e6a5e9291cfd7717a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitThread
WriteFile
ExitProcess

msvcrt

__p__commode
__p__fmode
fprintf
fwprintf
strpbrk
strspn
wcscat
wcscmp
wcslen

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ