a00fa20f6746ddb751a2964e427b0434_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a00fa20f6746ddb751a2964e427b0434_JaffaCakes118
Size

38KB
MD5

a00fa20f6746ddb751a2964e427b0434
SHA1

33ae96fb6ecf476b86ade2fbbbb4036e410f97f1
SHA256

929d5548f1439149001d24332c25e412d00c8e982f0a3b75c2a986fa1ba1e78f
SHA512

19b014c69776824e60e65f8fdae32fddcc99e7c60bea40673f4052dcd9ae89241d05730017106304ce54159495b369cf266d5cf82d996e694d7b6376e265da1b
SSDEEP

384:DiFP2lPyfUfTkoaiHmJIpDMH+rQEOYJLWVzjb:e52lPt7La8A6abYLcjb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a00fa20f6746ddb751a2964e427b0434_JaffaCakes118

Files

a00fa20f6746ddb751a2964e427b0434_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a481297ecd7dd8f6ddd8ff2332339633

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
Sleep
ExitProcess
CloseHandle
CreateThread
GetModuleFileNameA
lstrcatA
GetSystemDirectoryA
DisableThreadLibraryCalls
WritePrivateProfileStringA
IsBadReadPtr
VirtualAlloc
VirtualProtect
VirtualQuery
VirtualFree
WideCharToMultiByte
lstrlenW
GetCurrentProcessId
GetCommandLineA
GetPrivateProfileStringA
CreateToolhelp32Snapshot
GetComputerNameA
Module32Next
Module32First

user32

wsprintfA
MessageBoxA

shlwapi

StrStrA
StrStrIA

msvcrt

sscanf
_adjust_fdiv
_initterm
??2@YAPAXI@Z
__CxxFrameHandler
??3@YAXPAX@Z
free
malloc
_itoa
strstr
isspace
isalnum

Exports

Exports

COMResModuleInstance

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ