f:\source\cg\cgall\rubbish\spi\Release\spi.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 820115c554f96020a44993aebd39b48e_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 820115c554f96020a44993aebd39b48e_JaffaCakes118.dll
Resource: win10v2004-20240730-en
General
Target: 820115c554f96020a44993aebd39b48e_JaffaCakes118
Size: 14KB
MD5: 820115c554f96020a44993aebd39b48e
SHA1: 9ce662213217c168c4462733cadebee5f9ae4d30
SHA256: 61fb3c3a406fa7eb3e258acd413ee352ad0de1b2fcf41cee9d73583f97758ba1
SHA512: 5d47a33ae6e741a7bc4658e239817a0446e7ca07b8025afb8e0b5803a5d3c314bbca70a6b9b15b7d04333bdaa5fc92143c568412990b7e512e2ec2b7239c764f
SSDEEP: 192:ADwnYyHdtoQl29/cRCA7Lp8L4lFQO9zHJsYEqF0GZfVUH9CzT9lniudM:eaZcdIh80lFQO1ZxUdCdti/
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 820115c554f96020a44993aebd39b48e_JaffaCakes118
Files
820115c554f96020a44993aebd39b48e_JaffaCakes118.dll windows:4 windows x86 arch:x86
0e9a5d35b6536d256614c41f67ee30a2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
OutputDebugStringA
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
WideCharToMultiByte
lstrcmpA
GetCurrentProcessId
lstrlenA
LoadLibraryA
WriteFile
CloseHandle
CreateFileA
lstrcpyA
lstrcatA
GetSystemDirectoryA
FreeLibrary
Sleep
CreateThread
GetModuleFileNameA
HeapAlloc
GetProcessHeap
ws2_32
WSCEnumProtocols
WSCGetProviderPath
user32
EnumWindows
GetClassNameA
CharLowerBuffA
wvsprintfA
wsprintfA
GetWindowThreadProcessId
shell32
ShellExecuteA
Exports
WSPStartup
Sections
.text Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 722B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ