a82bf174958eb4e46a8088bdbe14a72b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a82bf174958eb4e46a8088bdbe14a72b_JaffaCakes118
Size

24KB
MD5

a82bf174958eb4e46a8088bdbe14a72b
SHA1

77121ae78aced0956a8bbc62d132243723b3ecf1
SHA256

03dc2cd36d5e68c7f5e3496f6f702bc50e2fc04af3c9b772588cd48f6432706e
SHA512

80f136cd5de7d4ea54fda4559375e21f20008160c47e1902bb69bd0e95dd74c99e4cf8f3ca63e4898fa628802ccb6045bd834372fcfd31a91694b1cf3e24bece
SSDEEP

96:jNz+rF1YnrMyMcGMyBsp0LWKcfd/gi4vn1pstiOxMArwG:jx+JxyjLk2RKcfdgt1wiOxP5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a82bf174958eb4e46a8088bdbe14a72b_JaffaCakes118

Files

a82bf174958eb4e46a8088bdbe14a72b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8e94e3a02c43ea737d7c77db240f119c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
GetProcAddress
GetModuleHandleA
lstrcatA
LeaveCriticalSection
lstrcpyA
LoadLibraryExA
FreeLibrary
GetVersionExA
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
DebugBreak
DeleteCriticalSection
lstrlenA
InitializeCriticalSection

advapi32

RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ