736a5d38f6306d569504a90c8a907b91_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

736a5d38f6306d569504a90c8a907b91_JaffaCakes118
Size

172KB
MD5

736a5d38f6306d569504a90c8a907b91
SHA1

215690a4e5c5fbd26370ce1a5b56855716b2dd93
SHA256

66440618ec4d6847f049d01ec50f41131d2ff9a179b58b5203f0f1788d3dd052
SHA512

ebffb09d1dbea065354935bc72195105b8a3e27b35f55bc1bd9f1ddc7564e73c49c1048e6e3282eb7107d72e176ef5d9c2f6bb8f0c38a2493b0b573d5cc01879
SSDEEP

3072:lYZFKPRmcWb9ruCyCYPO0LQEIrirLYbk8sxx2+iTF0GdJo38SI/jxx6h+nEp:lOiCyxO0LQEIrQJ7piZ0GdSI/uWE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
736a5d38f6306d569504a90c8a907b91_JaffaCakes118

Files

736a5d38f6306d569504a90c8a907b91_JaffaCakes118
.dll windows:4 windows x86 arch:x86

91f7e2fe35dcf3a1704a503cdecae1c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

_unlock
__dllonexit
__clean_type_info_names_internal
_onexit
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
free
memset
_lock
malloc

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

dolby_enc_mtsub

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ