aba2d973b0ec149a6eb59b658752a026_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aba2d973b0ec149a6eb59b658752a026_JaffaCakes118
Size

188KB
MD5

aba2d973b0ec149a6eb59b658752a026
SHA1

8b124eb2e5b22531d65a92c69be032301d9984a9
SHA256

5c0c5e2671c27fdb2e48b36bb2c14f85fd1f5ae1b6a753dbba96a1743e900df5
SHA512

4243444a8066ee3d26468c4733428eac361dce3913e53c1e35dd29bc51bc36362c56dd5903b1e9b39ec3b9d854dc5703410091bfa3d2bc32b98a4e673889c8e0
SSDEEP

3072:nfB8orvKY6mVL9W2wLvbVENr8nf/r3CI+RKp1ULHaqAPyMfiG8ZLcvSLYyiqsHKa:nCorzVLwrzVEqryFsI6PPyMfiGc5LYLq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aba2d973b0ec149a6eb59b658752a026_JaffaCakes118

Files

aba2d973b0ec149a6eb59b658752a026_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c17d7c79910e5b9f1ed8dd760d4a91aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

platform

ord8

msvcrt

??3@YAXPAX@Z
free
malloc
_purecall
printf
__CxxFrameHandler
??2@YAPAXI@Z
_initterm
_adjust_fdiv

kernel32

DisableThreadLibraryCalls

Exports

Exports

CreateVirListObject
CreateVirListObjectByVirusInfo
CreateVirListObjectByVirusInfoEx
CreateVirListObjectEx
DeleteVirListObject
DeleteVirListObjectEx
LibDeinit
LibInit

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 938B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ