49887da100cded923536ee90558e5772_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49887da100cded923536ee90558e5772_JaffaCakes118
Size

93KB
MD5

49887da100cded923536ee90558e5772
SHA1

5c30f3a8e0da07c62efad936dfd33fb04b0cc76e
SHA256

cc18b26965f4babc0e64737c6086e50fd46e4c3ae20b18a84a3e65444386e1f6
SHA512

2793aae02586e389394916e57426ba1064baf31de71e3a1b4148d025ecfaa87bfe8dd8a11b728b2259bf11f9438b5526c01ccad06776c34d64696db2a4306e50
SSDEEP

1536:SXdF6nZ2LZDu7y3Py+nObBvLtsaqj2N9NAgFVp3dr4INgA+CJ:SXdF6nZ29Du7y3PHnObZLtxq6NXAgFV1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49887da100cded923536ee90558e5772_JaffaCakes118

Files

49887da100cded923536ee90558e5772_JaffaCakes118
.dll windows:6 windows x86 arch:x86

3b1032f590d061fccc8aa4ca649a58a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

SortServer2003Compat.pdb

Imports

msvcrt

_amsg_exit
_initterm
free
malloc
_XcptFilter
bsearch
memset

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlUnwind

kernel32

GetSystemWindowsDirectoryW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
SetLastError
CloseHandle
CreateFileMappingW
CreateFileW
MapViewOfFile

Exports

Exports

SortCloseHandle
SortGetHandle

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ