45585a9180b482348b22e537efb4bc57_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45585a9180b482348b22e537efb4bc57_JaffaCakes118
Size

116KB
MD5

45585a9180b482348b22e537efb4bc57
SHA1

917a3a20b8459d86e698dd2eeaf68421efc8956f
SHA256

a426d1ca9bf2516121f213f359b2a8bf244b877f71d562f0c7a7eede6b2f1f6f
SHA512

b17be460d535d69447a6f2cb0439ba627e775f4a7ab6483bdff33ba626c3da5e44530cb2eaa64160176542f9c2f429efeaf25eaef5f178e478c70e0eade87231
SSDEEP

1536:mXMcM4lCZ9bCvFiN0azgbPxfi61frJB+h8ukoqNXV4y34I5R35rFefGg3ibjYISM:mXMbsCDsIOj1fFKr4l4IFefGg3kC0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45585a9180b482348b22e537efb4bc57_JaffaCakes118

Files

45585a9180b482348b22e537efb4bc57_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4e8b28fe9a24fe0ce6d3fd0daa74358d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwImpersonateThread
_snwprintf
ZwLoadDriver
ZwOpenThread
ZwQuerySystemInformation
ZwClose
RtlAdjustPrivilege
_snprintf
_wcsicmp
_stricmp
RtlInitUnicodeString
memcpy
memset
_chkstk

shlwapi

SHDeleteKeyW
PathFindFileNameA

kernel32

GetTempFileNameA
Sleep
DisableThreadLibraryCalls
VirtualAlloc
GetProcAddress
WriteFile
VirtualFree
GetModuleFileNameA
GetModuleHandleA
CreateFileA
CreateMutexA
GetVersionExA
CreateThread
CloseHandle

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE