aab764e1bbdfa6f1a2baec3cb4853252_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aab764e1bbdfa6f1a2baec3cb4853252_JaffaCakes118
Size

116KB
MD5

aab764e1bbdfa6f1a2baec3cb4853252
SHA1

bbcdedc8042b48fe8f42fb0928e347587797fb3a
SHA256

af147990a078fa87195b3b8387e70e95ba2be0f3b00d70541e996cd2a6813239
SHA512

ec56b620f3657ca797f06fa667e4371d64907edc02eb1fbed169da2d5cd1ea458df959c663048f8a32a0d7b01ab492a00bf73e0ad63115a9ac69ca9c87be937c
SSDEEP

1536:RXMez/SJU24LeXO0sSkKqNAOety9wwVquDsrLzx9SRKIu09eeX9U2bE5HbHm+G:RXMenLeXT4uy9wwVGrvx9MoeXr8G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aab764e1bbdfa6f1a2baec3cb4853252_JaffaCakes118

Files

aab764e1bbdfa6f1a2baec3cb4853252_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4e8b28fe9a24fe0ce6d3fd0daa74358d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwImpersonateThread
_snwprintf
ZwLoadDriver
ZwOpenThread
ZwQuerySystemInformation
ZwClose
RtlAdjustPrivilege
_snprintf
_wcsicmp
_stricmp
RtlInitUnicodeString
memcpy
memset
_chkstk

shlwapi

SHDeleteKeyW
PathFindFileNameA

kernel32

GetTempFileNameA
Sleep
DisableThreadLibraryCalls
VirtualAlloc
GetProcAddress
WriteFile
VirtualFree
GetModuleFileNameA
GetModuleHandleA
CreateFileA
CreateMutexA
GetVersionExA
CreateThread
CloseHandle

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE