9636abe882d5864b9afb521cf5851ae8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9636abe882d5864b9afb521cf5851ae8_JaffaCakes118
Size

152KB
MD5

9636abe882d5864b9afb521cf5851ae8
SHA1

5029fe92514f354e91961c24de5718dd27c1db4b
SHA256

7d15d7794fa029c2bccae9b16f5fd23ceda50a8d5573780c1cda672961c3f007
SHA512

7702354fb270d9896b1690cb88ea8f60ce7f3db2a339771fdb3c9e0dc36e22dfdf216f6d08c1ef12209ea7cbf23fd4ba494216ae4c89bb0ac20ee6cfe5ad6cfd
SSDEEP

3072:IcPMCNbivXkv3JJR/n2/rRYNLSFB7ub+yOwzI:RfbiPk3IRvF9ulDI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9636abe882d5864b9afb521cf5851ae8_JaffaCakes118

Files

9636abe882d5864b9afb521cf5851ae8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1d314ca04e2474c0b87968507a44a793

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeResource
LoadResource
LockResource
ResumeThread
FindResourceA
SizeofResource
VirtualProtect
VirtualFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
GetModuleHandleA
VirtualAlloc
GetLastError
VirtualFreeEx
CreateEventA
CreateFileA
CreateThread
SetFileApisToANSI
CloseHandle
UnlockFileEx
LockFileEx

user32

PostQuitMessage
KillTimer
SetCursor
SetCursorPos
GetWindowRect
IsIconic
SetTimer
GetCursorPos
GetDesktopWindow
MessageBoxA

Exports

Exports

GetOut
ScanVA
Xreloader

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 474B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ