5db1ab2d8c0a217486e4daa7ddb152c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5db1ab2d8c0a217486e4daa7ddb152c9_JaffaCakes118
Size

22KB
MD5

5db1ab2d8c0a217486e4daa7ddb152c9
SHA1

6a4f86f437150972417ed07df605424f0c037d9b
SHA256

a13d57baeed1871d28b663a482f79155a91489a02a3a1513ac7a99d28c6f7ee2
SHA512

4e5271da84b8f6a2bc7694abdce6dce44d9f7e1a68a3a328ae14bad28bea3b4a6f2fa5903b493fb04877bfa0c752bae0df782be3ab55597aec09e827bc13b979
SSDEEP

384:vDgFdPvdxc0seq8u0ALhgh+nrQ40wRpaMDEtvmrKH6cicSCUoYd7gADdtME:v0FdNKjquTbnEIpr6vmryHMChArX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5db1ab2d8c0a217486e4daa7ddb152c9_JaffaCakes118

Files

5db1ab2d8c0a217486e4daa7ddb152c9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

24aea490bfa65a527901c32c2aad5cf4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
WriteProcessMemory
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
OutputDebugStringA
GetCurrentProcessId
WaitForSingleObject
GetLastError
CreateEventA
SetProcessShutdownParameters

user32

GetKeyNameTextA
PeekMessageA

msvcrt

_strlwr
free
malloc
strlen
memcpy
strstr
_beginthreadex
sprintf
memcmp
_except_handler3
strcat
strncmp
_ftol
memset
strcpy
__CxxFrameHandler
_initterm
_adjust_fdiv

Exports

Exports

M

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ