4c4d36a8907fd2408963250bd5a7dba0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c4d36a8907fd2408963250bd5a7dba0_JaffaCakes118
Size

223KB
MD5

4c4d36a8907fd2408963250bd5a7dba0
SHA1

152ebfe0ee3d44b9e34ab4c72e8dafaca80bd9f9
SHA256

256cc614f0a522c7dce96606b280dd535cadb3eb41a5feb18be119956aa32343
SHA512

542df49a00f8806cd9b625f01285bcb6a50526c5fe78ee0424e0de42f418c87a98ab07bf5d70409bcc6d8b6979e87188dfbf61b86d7610dc25558d163cb87324
SSDEEP

6144:hY/ffJh/84nVscfBz9RYvX20RSzjoZNB+8yqGqG3:4p+4zfBkEjoZeqGR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c4d36a8907fd2408963250bd5a7dba0_JaffaCakes118

Files

4c4d36a8907fd2408963250bd5a7dba0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

6c94088ba42902338b5dddcbe6cf6b5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalHandle
GlobalMemoryStatus
LockResource
LoadResource
FindResourceA
FreeResource
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter

Exports

Exports

MW_GetValue
MW_MemSize
MW_SetOption
MW_UniESCP
MwEnd
MwInit
MwInit2
MwWrite
MwWrite2
_uMW_GetValue@16
_uMW_MemSize@36
_uMW_SetOption@12
_uMW_UniESCP@24
_uMwEnd@4
_uMwInit2@44
_uMwInit@40
_uMwWrite2@20
_uMwWrite@20

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 700B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ