4b6ace401582d65714a5fe87a338b7ba_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b6ace401582d65714a5fe87a338b7ba_JaffaCakes118
Size

308KB
MD5

4b6ace401582d65714a5fe87a338b7ba
SHA1

5fda558146b2d0835d74d541587632ff4b1ba741
SHA256

37231673532f4f9d379297d798d4ed9f84f7988df6563d5a0cb7d712a2833bcb
SHA512

58d21cc6711232b7becd2c62f3946e2238a7ab64d873c71e118499b75991afb2cbcf39474c2785fe9a20d095ec60dc051af11b08538d773ef864a6533c00f2a8
SSDEEP

6144:QXbA/pjuA/bxys3j4P1UMpPLN4v6V2tMb9JTDGPTK1Z9+:cA/htzxj3WUMRLR2tMb9JTqPTk9+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b6ace401582d65714a5fe87a338b7ba_JaffaCakes118

Files

4b6ace401582d65714a5fe87a338b7ba_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fa5309f2b5699271fc821f685f979277

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
ExitThread
GetProcAddress
VirtualAllocEx
lstrlenA
ExitProcess
VirtualAlloc
lstrlenW
GetCommandLineW
IsBadReadPtr
GetACP
GetCommandLineA
GetModuleHandleA

advapi32

GetLengthSid

oleaut32

SafeArrayCreate
SafeArrayGetElement
SafeArrayUnaccessData

msvcrt

wcscspn
memmove
calloc
atan
sin
log10
mbstowcs
strcmp

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ