476f5d08d63865288647ed1756039ed3_JaffaCakes118 | Triage

Sharing

General

Target

476f5d08d63865288647ed1756039ed3_JaffaCakes118
Size

7KB
MD5

476f5d08d63865288647ed1756039ed3
SHA1

4abd28721e1d1a78eb8644837a61678492afe15d
SHA256

1f4c9fdf3ab03b35a34e7c973f8445284e2b573e2b9e24f11d3ff648ae56a8b2
SHA512

e4e235eff15cb8af93d6ca6cd7aaa87f2d1fe7cbe7bee8b809a273df19abcb1fed0728d60d7658c60097456176baa47cc4fef35b9c1e917ebdb5a1e8128110c7
SSDEEP

48:CsZKeAi2m7u83Y898TICNK1kJk2ocrZj3+Et2MYuOTGcAWr7V5mePAG/vPpMvxP:5bUm7u8I898T1NN7FVVBdRyd/nKZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476f5d08d63865288647ed1756039ed3_JaffaCakes118

Files

476f5d08d63865288647ed1756039ed3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9b4147f98653b46afba100aeaa81af7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathA
CreateFileA
DeleteFileA
WaitForSingleObject
lstrcatA
MoveFileA
CreateThread
Sleep
GetPrivateProfileStringA
lstrlenA
CloseHandle
GetComputerNameA
CreateProcessA

user32

wsprintfA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

wininet

DeleteUrlCacheEntry
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

urlmon

URLDownloadToFileA

msvcrt

free
_adjust_fdiv
malloc
_initterm
atoi

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ