4767cd19be3c03d8657839905f8e14a2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4767cd19be3c03d8657839905f8e14a2_JaffaCakes118
Size

52KB
MD5

4767cd19be3c03d8657839905f8e14a2
SHA1

7f70f23269497948fc6f42289a33a370dc2e137e
SHA256

0258f67231327ad9c38862c0efa5ae193ecfb99842dbf1c8496aa2c0e40be60c
SHA512

db16d5f699af9ea177a6a42e37916c8252f919622cdfd1f9208d59a9c6da9c76716525fb8acbfe26ca500d483be2d39919f9cc7e32e0a28eb3c1c3a39234227d
SSDEEP

768:Gckr3P46FhjEAXXXsXXQ1CVQYy0ZPLBHWppxfSlwPQDI/jo93FmGb+S:GcU4Uho819YyIx6jfhPQmoDX3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4767cd19be3c03d8657839905f8e14a2_JaffaCakes118

Files

4767cd19be3c03d8657839905f8e14a2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9a699d93b5ba3706b48b81af3f069727

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
DeleteFileA
lstrcatA
GetTempPathA
CreateEventA
lstrlenA
lstrcpyA
GetCommandLineA
VirtualProtect
CloseHandle
CreateFileA
LoadLibraryA
lstrcmpiA
GetProcAddress
VirtualFree
VirtualAlloc
GetStringTypeW
GetStringTypeA
GetVersion
HeapFree
GetLastError
WriteFile
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile
ReadFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind

user32

wsprintfA

Exports

Exports

Ordinal1
Ordinal2
fOrdchk24044

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ