Static task: static1
Behavioral task: behavioral1
Sample: 47b6e56e32a9097dfacc1df2f4d855c7_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 47b6e56e32a9097dfacc1df2f4d855c7_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General
Target: 47b6e56e32a9097dfacc1df2f4d855c7_JaffaCakes118
Size: 24KB
MD5: 47b6e56e32a9097dfacc1df2f4d855c7
SHA1: 7988a3e71b07ed418dcf0f11469b303638371b28
SHA256: 3b3b693b85c4b409419e4efc1f5abead69a716cd005c47440bbcade77e8063fd
SHA512: 17ddd3eb7e87bc332e1e4167e8a240eafdd1cf137e129e4ddbb742ade152ae2bc2b2a234485a6692a5b23cb15a8789cf435da052fe54cf51a130e761c6e9d1d1
SSDEEP: 192:M8XlBQX/cZ5fJ7FHSTHR+NPr2nFNYrvhzpct5Uk:M84X/cTfJdSTHR+t7hzpct5r
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 47b6e56e32a9097dfacc1df2f4d855c7_JaffaCakes118
Files
47b6e56e32a9097dfacc1df2f4d855c7_JaffaCakes118.dll windows:4 windows x86 arch:x86
8b58d9f35aaa896cac63a14ea95ebe71
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
ntohs
closesocket
msvcrt
atoi
free
_initterm
memcpy
_adjust_fdiv
_itoa
strstr
strrchr
fseek
ftell
??2@YAPAXI@Z
strchr
strncpy
??3@YAXPAX@Z
fopen
fwrite
fclose
fread
time
memset
_strlwr
malloc
kernel32
TerminateProcess
GetModuleHandleA
lstrlenA
LoadLibraryA
CopyFileA
GetProcAddress
CreateThread
GetTempPathA
lstrcpyA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
GetModuleFileNameA
Sleep
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 982B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 636B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ