Static task
static1
Behavioral task
behavioral1
Sample
aa4babb9b5e6dd74356aa2803fc4580f_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
aa4babb9b5e6dd74356aa2803fc4580f_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
aa4babb9b5e6dd74356aa2803fc4580f_JaffaCakes118
-
Size
24KB
-
MD5
aa4babb9b5e6dd74356aa2803fc4580f
-
SHA1
c4ae4cf47c488d33249a865cc19bcfbaa30cfd4b
-
SHA256
2c755d734efcd727b27ffb7b8b7bc88705ec0070c86ea894a9738740aa07364d
-
SHA512
dca87fd1c0dbb0301ff5aa3368d215d4b207d27b1ebdbcf30c4449811d6520f74d6b38944b0d637f516b3c1260a55b9efc3cd15009f5e4b0a89688b3a708f76a
-
SSDEEP
192:w1ySksz0qrnrRjBN6uJNzmpL585c3qpct5UVk8UQ:tS3z0qrnNjByL585c3qpct5t8U
Malware Config
Signatures
-
Unsigned PE 1 IoCs
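Checks for missing Authenticode signature. The sample is an unsigned PE, so its publisher and integrity cannot be verified from a signature; on its own this is a weak indicator, as many legitimate DLLs are also unsigned.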
resource aa4babb9b5e6dd74356aa2803fc4580f_JaffaCakes118
Files
-
aa4babb9b5e6dd74356aa2803fc4580f_JaffaCakes118.dll windows:4 windows x86 arch:x86
9dd6f92f0a41864de8709b12ddf77beb
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
malloc
_adjust_fdiv
_initterm
free
atoi
memcpy
strncpy
strchr
sprintf
strcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strstr
fopen
fwrite
fclose
fread
time
memset
_strlwr
_itoa
kernel32
Sleep
lstrlenA
LoadLibraryA
CopyFileA
GetProcAddress
GetModuleFileNameA
CreateThread
GetTempPathA
lstrcpyA
ReadProcessMemory
lstrcatA
GetCurrentProcessId
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
ExitProcess
Sections
.text Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 878B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ