3d936f5049a784ea6ac800ed934aefa8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d936f5049a784ea6ac800ed934aefa8_JaffaCakes118
Size

7KB
MD5

3d936f5049a784ea6ac800ed934aefa8
SHA1

3fac2eef7f09b979dcf09982ec5c2e97cfc7a2dc
SHA256

a0efb30fb20cde7b78cef141c869c2e45d5eff5b51ee2afe7629a6b34208551a
SHA512

50aa5f0d71d084ea59186857ba018b75329caaf761a7172f76113625a811f5ef8833bf10371c00691c0b67e47268a5e3e12603641bca06f7772d42c4a095dbea
SSDEEP

96:+GamV1VEMv0inDKZ6B/OFDl1cuY8k5lr6eVYCuyx/Y0TI:kaVEMvrDKZOq/9k5lWg00vI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d936f5049a784ea6ac800ed934aefa8_JaffaCakes118

Files

3d936f5049a784ea6ac800ed934aefa8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1158cc113c59c36fb95c863b030ab1f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrlenA
LoadLibraryA
GetFileSize
lstrcatA
GetModuleHandleA
LocalAlloc
ResumeThread
SetThreadContext
GetThreadContext
WriteProcessMemory
VirtualAllocEx
CreateProcessA
CloseHandle
WriteFile
CreateFileA
GetTempPathA

Exports

Exports

BindRoutine
CopyTemp
GetMyRes
RunPECode
SelfDelete

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.main
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ