a71e432f039f0356b594acadc27cbdcd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a71e432f039f0356b594acadc27cbdcd_JaffaCakes118
Size

118KB
MD5

a71e432f039f0356b594acadc27cbdcd
SHA1

11f3e1074107926b42a8c9eb3c18a447f59b3194
SHA256

4818f0c4424eb398cb083764f5155cc574d5c798c8039663be24fc0a9ac6b3c6
SHA512

741e810f45bcffdd9552522d65224b5ee2d7a87a9c594c3d1e3110acc88f143cfa85414110396df43627305d7952cbfa9b81c276258382d47e1622e71aa238ef
SSDEEP

3072:9z8OoAi2oXEYtLAbNiO5n7pHx95nIU6N:F8OnoXEWMNic7pHx9pI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a71e432f039f0356b594acadc27cbdcd_JaffaCakes118

Files

a71e432f039f0356b594acadc27cbdcd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

68a1795ba69402cfadbdba230afff3f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
SetHandleCount
lstrcpyA
LoadLibraryA
VirtualAlloc
HeapAlloc
HeapFree
WriteFile
WideCharToMultiByte
GetEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
FreeEnvironmentStringsW
GetCPInfo
GetFileType
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings

ltkrn13n

ord192
ord189
ord312
ord282
ord283
ord188
ord190
ord191

Exports

Exports

DllMain
fltInfo
fltLoad
fltSave

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ