8d40c9d99e544cf3c9ba04fd7aef365a_JaffaCakes118 | Triage

Sharing

General

Target

8d40c9d99e544cf3c9ba04fd7aef365a_JaffaCakes118
Size

12KB
MD5

8d40c9d99e544cf3c9ba04fd7aef365a
SHA1

09971bbac7da95b8a631aa2809f15e243051dd20
SHA256

5f35c8c627ca2d978fde68fff37ba3f11f57264ba23c5a33fb8673b0206e7dc9
SHA512

cb18b3ea0ec9663d5f2f4dfdc663288e715b819dda5cc42b608b3598c612cf73c1cd045e2cbfa902b570b9d39bc87382b87f75ccf23c3b9c7d196cb047c4e5a0
SSDEEP

192:cqicUjF0QkWGM7SNeO03E/Qk9IwxjJE9y7NfU4c3bSm:cqicxbWGM7ceO00Yk9JvBUp7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d40c9d99e544cf3c9ba04fd7aef365a_JaffaCakes118

Files

8d40c9d99e544cf3c9ba04fd7aef365a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0c8637130c1fa065e3d5a24a3214a329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
GetProcAddress
lstrcmpA
FreeLibrary
Process32First
GetSystemDirectoryA
GetTempFileNameA
LoadLibraryA
GetModuleHandleA
DeleteFileA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
IsDebuggerPresent

user32

CopyIcon
FindWindowA
LoadCursorA
GetWindowThreadProcessId
EnumWindows

Exports

Exports

Exucute
TTTT

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ