94023a12f91b0ee910d3d42d8b2143f0_JaffaCakes118 | Triage

Sharing

General

Target

94023a12f91b0ee910d3d42d8b2143f0_JaffaCakes118
Size

6KB
MD5

94023a12f91b0ee910d3d42d8b2143f0
SHA1

e3bfb0dd8abfc35a61853dccafa449f88c6bbbd7
SHA256

10fc011e638fe751cd5b30c803e109819d398d5d0ac37c84f2c7482daedc3153
SHA512

2fbfe384ec7a1be843fb87831c51a98889c51e1e0ef9e92b3ff967c00dbe777bdcdc0983b7e69d2330c2add8173a52ee68ef0eaca07a5489589aafa331721504
SSDEEP

96:Yro4/jmYHCBF7WuH+wfF4/jjwrVWg59ETgXy2:YrFyYHGyi+wOnwhWfTgC2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
94023a12f91b0ee910d3d42d8b2143f0_JaffaCakes118

Files

94023a12f91b0ee910d3d42d8b2143f0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9668aaef9d9154b969013df1d747c8ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord537
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord4204
ord2764
ord941
ord540
ord860
ord5683
ord4277
ord858
ord800
ord3147
ord4274

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
__CxxFrameHandler

kernel32

CloseHandle
GetExitCodeProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
SleepEx
CreateThread
DisableThreadLibraryCalls
TerminateProcess

Exports

Exports

SensBalloon

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 342B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ