95bc0fd31164d3f60ccd940cd64b8ac9_JaffaCakes118 | Triage

Sharing

General

Target

95bc0fd31164d3f60ccd940cd64b8ac9_JaffaCakes118
Size

119KB
MD5

95bc0fd31164d3f60ccd940cd64b8ac9
SHA1

3ee6b43743215d74deb406efcb93ee6d814d03ec
SHA256

8b76eade3a51a538054ed2a048126e46fc2efc7b4a33b2be5315391e3858c2c1
SHA512

7aa7caac2392184796fb8d57c2556968220a430a50ba7a19d7c82107fa7527c748f80004736d8952d68d46408400377d635097b39a20335c19a0c245cd3577f1
SSDEEP

1536:HOr9lB8dhxm2OVaLF+YhIZArMHx6F2+RtNRUpWkLAtN7l/XdOFpUd:uwxm2OoF3XYH8lD+AkuNxVOHUd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95bc0fd31164d3f60ccd940cd64b8ac9_JaffaCakes118

Files

95bc0fd31164d3f60ccd940cd64b8ac9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

7e877438d97cdc2025b0cf0c0086e0aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetProcAddress
HeapAlloc
GetProcessHeap
VirtualAlloc
EnumResourceTypesW
GetCurrentProcess
lstrcmpiA
LoadLibraryA
IsBadReadPtr
AttachConsole
CompareStringW
CreateFiberEx
GetDateFormatA
TerminateProcess
GetStringTypeW

user32

CallMsgFilter

gdi32

CreateCompatibleDC
BitBlt

advapi32

GetUserNameW
StartServiceW

Exports

Exports

jludwhvm
oxmmqypqmnnimpu
pmtfmnzauthcac

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ