452cac4b8dfc1081fd71e265864647c5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

452cac4b8dfc1081fd71e265864647c5_JaffaCakes118
Size

128KB
MD5

452cac4b8dfc1081fd71e265864647c5
SHA1

d8cb42a7e09683b9bcdc812137e36d478fc08f83
SHA256

06f5e8b3c868fb4e9406ff337efd7bda3abcd03aab3da9477390f88b540985cf
SHA512

fd13e329e3d6b603d81812ac4f4ab6116f33cd936ae5baaa50c769ba4f060ded9d327b02422e9ae04e083599199abff3a2add5dc7b961ee3adb70735ca742c4e
SSDEEP

1536:/3chb3bgF8efng8G8S+/NTsFKXtBuPuKNT8qlabOQIWtGwQJx8KHwF4eqq6:/McF8efg8JNjziu+6bOdaJOQU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
452cac4b8dfc1081fd71e265864647c5_JaffaCakes118

Files

452cac4b8dfc1081fd71e265864647c5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4d908eefbc25543aec445e280f63f765

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CloseHandle
WaitForSingleObject
CreateThread
LoadLibraryA
VirtualFree
GetProcAddress
GetModuleHandleA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

ActiveX_
ActiveX_1
ActiveX_2
ActiveX_3
GenHWID
Init
LoadAllDll
PLCloseDevices
PLFindAndOpenDevices
PLSetCurrentDevice
PLSetUvcDevice
ReadExtUnit
ReadReg
WriteExtUnit
WriteReg
_declspecs

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 893B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 438B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ