b2fd79d8d8b827c9e6bcd927c834ea41_JaffaCakes118 | Triage

Sharing

General

Target

b2fd79d8d8b827c9e6bcd927c834ea41_JaffaCakes118
Size

52KB
MD5

b2fd79d8d8b827c9e6bcd927c834ea41
SHA1

fb9da31ed41c9086d22ea6f6cf703766ec176576
SHA256

a20994444f07d90e92904b078a19dd786ebec5a7ea2e026927f7194759c2305c
SHA512

ab0d47cdf7d93fb0d8db3f308e9f7ae8394cd27b6652895914a2547668049c6a3e1b0990519b374db1e6d2938aaca9d4d9fb879583e34e2ada2cb263668b2403
SSDEEP

1536:cU2Ou0kdAWZqQ2dQmaBZu1L0+mILbEX2:cUG0eAWUQ2KBZu1Llm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2fd79d8d8b827c9e6bcd927c834ea41_JaffaCakes118

Files

b2fd79d8d8b827c9e6bcd927c834ea41_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e42956ad27d76f5551760367d6ef21ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetModuleHandleA
Sleep
CreateFileA
GetVersionExA
CloseHandle
FreeLibrary
GetCurrentProcessId
GetSystemDirectoryA
DeleteFileA
FindFirstFileA
GetProcAddress
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
DeviceIoControl
WideCharToMultiByte
WriteProcessMemory
LoadLibraryA
CreateFileMappingW
MultiByteToWideChar
GetVersion
DuplicateHandle
GetCurrentProcess
WaitForSingleObject
CreateRemoteThread
OpenProcess
lstrlenW
lstrlenA
VirtualFreeEx
VirtualAllocEx
IsBadReadPtr
CopyFileA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

msvcrt

strcpy
_stricmp
sprintf
strcat
memset
free
malloc
strlen
_strdup
strncmp
_snprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
_strlwr

Exports

Exports

input

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE