697709a026532f70dbc7f87aeceba8da_JaffaCakes118 | Triage

Sharing

General

Target

697709a026532f70dbc7f87aeceba8da_JaffaCakes118
Size

66KB
MD5

697709a026532f70dbc7f87aeceba8da
SHA1

b4341956c7016f1ba5900c2e729d9bec40d88e85
SHA256

2be4b56681a978ecfd8d8ed2595b6447fafa401e7f3792d06bac78d750cd4b78
SHA512

b4e5167d7c386688c52ccc82a19f403a7e6a1cfb7da795af7bb40b99e0059354477cb6fd0cb9fbb5ad033c6ec031e8edd2cdac96c173eac12b016ddfc9ed1e74
SSDEEP

768:xs6Cak5YwUqTc54Q8WSBufNwp5wll3rBrPzfXtRYkAV/aha00Ir810UH2fWdT2Mn:xs6CaHQWNwpSLruV10mEkAV4Dqe8Hs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
697709a026532f70dbc7f87aeceba8da_JaffaCakes118

Files

697709a026532f70dbc7f87aeceba8da_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b3a8161ba379eae070e6fc135e2607d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
IsBadReadPtr
GetProcAddress
lstrlenA
VirtualFree
LoadLibraryA
VirtualAlloc
GlobalReAlloc
GlobalSize
CloseHandle
CreateThread
lstrcmpiA
GetFileSize
CreateFileA
GetLastError
CreateMutexA
GetCurrentProcessId
WaitForSingleObject
OpenMutexA
DeleteFileA
GetTempPathA
GlobalAlloc
GetTickCount
GetModuleFileNameA
lstrcpyA
GlobalFree
GetSystemDirectoryA
lstrcatA
ReadFile
GetModuleHandleA

user32

wsprintfA

msvcrt

fclose
getc
putc
memcpy
strstr
fopen
memset
fwrite

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ