656cb6d2527b4d920d0278899125beaa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

656cb6d2527b4d920d0278899125beaa_JaffaCakes118
Size

208KB
MD5

656cb6d2527b4d920d0278899125beaa
SHA1

212e0fd2d70308a9c20a0c8a14460d718937af3c
SHA256

415338ea7d35431d9f4c20fd150e57238ce1d8871d126f056559a33175a7f86d
SHA512

6e486b3a331ac6a0a6c0353b990d098dad3e72aabb53851bbd7ef638c31106b9a090f716555076e16c4b5a40f831e488d4162559b42c5c2397e7e5c6a849e945
SSDEEP

3072:eKQW22rIOQ1zqqxTf1MfD+eomW7iKTR8jFI0aggMtkozFobj1DpazZJQngqJNTdM:uOQ1zZMf/W2K98UG0pMdJQgE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
656cb6d2527b4d920d0278899125beaa_JaffaCakes118

Files

656cb6d2527b4d920d0278899125beaa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9d9801e5ee55b2c2b4a78b65392f6bd1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryExA
DisableThreadLibraryCalls
FreeLibrary

platform

ord8
ord5
ord7
ord6
ord1

msvcrt

_purecall
calloc
free
??3@YAXPAX@Z
printf
malloc
_initterm
??2@YAPAXI@Z
sprintf
_adjust_fdiv

Exports

Exports

CleanBootRecord
CreateBootScanObject
DeleteBootScanObject
LibDeinit
LibInit
ReloadSignatures
ScanBootRecord
ScanPart
ScanSector

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 815B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ