aef6aec6d94b5ae38412bb16191a8952_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

aef6aec6d94b5ae38412bb16191a8952_JaffaCakes118
Size

8KB
MD5

aef6aec6d94b5ae38412bb16191a8952
SHA1

5a3731ce4487687323fee4ae4c1bd7b37721eb7b
SHA256

0ee93a77840ef89885e40462ce2d6c1fa08e60aafa7925a7de6211e1b8290b32
SHA512

8fae3b504f8b6f7ebf32f392155220e6a8ab356abc5e6d7fb66c2ec4e3b3f870a16463bf367c0d0ff967f685f2831e3663cc897f2b7670c7b366b4cbe13ee625
SSDEEP

192:jpV2rvCs1r2FAjih0Tl2aWbs+5BdTbCPWQWw5F:jCr1MWbMdTbCPWQWw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aef6aec6d94b5ae38412bb16191a8952_JaffaCakes118

Files

aef6aec6d94b5ae38412bb16191a8952_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ec3f1236c0f328e4f4368886646419d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

RtlPrefixUnicodeString
RtlEnumerateGenericTableWithoutSplayingAvl
RtlInsertElementGenericTableAvl
strchr
RtlInitializeGenericTableAvl
_snprintf
ZwClose
RtlInitUnicodeString
ZwOpenKey
ZwQueryValueKey
memset
memcpy

kernel32

DeleteFileA
VirtualFree
VirtualAlloc
CreateFileA
GetFileSize
ReadFile
CloseHandle
SetFilePointer
WriteFile
GetModuleFileNameW
LoadLibraryA
GetProcAddress

wininet

HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
HttpSendRequestA
InternetCloseHandle
InternetOpenA

shlwapi

SHRegSetUSValueW
PathFindFileNameW

Exports

Exports

LogSend
LogTrim
Update

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ