74c877ab29b6639fb79a17a7fb1b1b41_JaffaCakes118 | Triage

Sharing

General

Target

74c877ab29b6639fb79a17a7fb1b1b41_JaffaCakes118
Size

71KB
MD5

74c877ab29b6639fb79a17a7fb1b1b41
SHA1

32bf9c10ab1cdf81b92d2e1f2450cb9ea76509b6
SHA256

31a57f5048cca454f5cb5b3b6cefd1f6c17a0be6acfdd579146a3c043a69b198
SHA512

eee1373ddb49d7527d65d929327e19b51f785afec5cfd15d74daaab072cc2bb344f4d892cafede0c233a64e426971263739ccc97fc32fccd2a89adf76d9b0061
SSDEEP

1536:PJiBaZ70d8AA1TSNFnToIfhWXr5ZWN7mx:RDihA1TSNtTBfhWXr5ZWN7mx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74c877ab29b6639fb79a17a7fb1b1b41_JaffaCakes118

Files

74c877ab29b6639fb79a17a7fb1b1b41_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d08b48049df663c29cda9052deee3e89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CloseHandle
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
lstrlenA
GetPriorityClass
OpenProcess
Module32First
lstrcpyA
WaitForSingleObject
MoveFileExA
SetThreadPriority
GetFileSize
ExitProcess
FreeConsole
GlobalMemoryStatus
InterlockedExchange
HeapAlloc
GetCurrentThreadId
GetLastError
RaiseException
LocalAlloc

msvcrt

__CxxFrameHandler
_CxxThrowException
_except_handler3
atoi
strcspn
strstr
??3@YAXPAX@Z
wcstombs
rand
srand
malloc
??1type_info@@UAE@XZ
__dllonexit
_onexit
free
_initterm
_adjust_fdiv
??2@YAPAXI@Z
strncpy
sprintf
strncat

Exports

Exports

Install
RunInstall
RunUninstallX
ServiceMain

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ