4c0aca78cde695c7e4a8d097d8d4b3c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c0aca78cde695c7e4a8d097d8d4b3c1_JaffaCakes118
Size

98KB
MD5

4c0aca78cde695c7e4a8d097d8d4b3c1
SHA1

6330a0c337fa7f76e17fb648b296327da2941ef6
SHA256

cfb2835dd096fb5df5306266053ffddd99f9e59115fdf7428ccc0f92ee34daef
SHA512

a194ed57478f28d167f9bd27d957dd3cb8306eedbffbd91d41e56e2e1563ed65b2f65b3846e5be9bf590aba4c37573ed1b1d5ac58bb08980a66875f1619947dc
SSDEEP

1536:63oPF5fn6FLyNn6laZWkahXSy+Du/PXg59BpYmX6rwnOGGd+UDis:6svP6Fo6mh6XMu/Y59BdMuLGh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c0aca78cde695c7e4a8d097d8d4b3c1_JaffaCakes118

Files

4c0aca78cde695c7e4a8d097d8d4b3c1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9498b931c688222d469a98ea2641d2a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpiA
ExitProcess
ResumeThread
GetLastError
VirtualProtect
VirtualFree
LoadLibraryA
GetModuleHandleA
VirtualAlloc
CreateThread
SetFileApisToANSI
CloseHandle
UnlockFileEx
LockFileEx
WriteFile
PulseEvent
CreateEventA
lstrlenA
CreateFileA

user32

MessageBoxW
PostQuitMessage
KillTimer
SetCursor
SetCursorPos
GetWindowRect
IsIconic
SetTimer
GetCursorPos
GetDesktopWindow
MessageBoxA

Exports

Exports

CreateSX
GetOut
Xreloader

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ