3b7c948ea1cc9c30c94a2068b6881d1c_JaffaCakes118 | Triage

Sharing

General

Target

3b7c948ea1cc9c30c94a2068b6881d1c_JaffaCakes118
Size

8KB
MD5

3b7c948ea1cc9c30c94a2068b6881d1c
SHA1

94050d1a7b11ac0fd06fc6b4e81da8d29a433498
SHA256

90bf2e24fd9833156245d54996fa06dcdb2dc2a1465852249728fa78d2554035
SHA512

f85a941bd3973be4fd6ac48f37c3329432bae05862315d30f2b96dd8c5ca205d123b4204e40228e42e0b1caa773ada5b86434bb877faebd57ab1bfca932fc68c
SSDEEP

192:+bScNHeYGly68CHG26LC5uZrp3hUWDE82QWna:+b/NHefly6ZCLC4rp3hUWDE82QWa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b7c948ea1cc9c30c94a2068b6881d1c_JaffaCakes118

Files

3b7c948ea1cc9c30c94a2068b6881d1c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f07697b38468e9179d35dd48848fd4aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord536
ord939
ord5572
ord690
ord665
ord1979
ord6385
ord941
ord1988
ord2919
ord860
ord5356
ord5207
ord389
ord859
ord924
ord540
ord2818
ord356
ord2770
ord668
ord800
ord2781
ord4058
ord3181
ord2915
ord3178
ord2764
ord353
ord1168

msvcrt

_adjust_fdiv
malloc
_initterm
free
sprintf
fopen
__CxxFrameHandler
fclose
fwrite

kernel32

SetFileAttributesA
GetWindowsDirectoryA
WinExec
CopyFileA
CreateThread
GetLastError
CreateMutexA
DeleteFileA
Sleep
GetSystemDirectoryA
GetDriveTypeA

user32

wsprintfA

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ