b4edcfbde50f89372467bae5d88facd8_JaffaCakes118 | Triage

Sharing

General

Target

b4edcfbde50f89372467bae5d88facd8_JaffaCakes118
Size

64KB
MD5

b4edcfbde50f89372467bae5d88facd8
SHA1

b46d3fae7b1d71b8b1755433864c04721c7e6eb3
SHA256

d585ae5239e73b8c32fb797c58a2f5eaf12b76fef056cd1135aea610d2ff8b19
SHA512

527ec327490e9de38f048630c7be2d31ef5e9b869c4785005f8ff5f4c9c87ac7b80785e05112fd4cd02edfa8eaaf44a5bee8ee6779014e6448e5a2bf0eab2017
SSDEEP

1536:BxgQkGaDJxBazaKMVMek1VP2+HzFLKupBpkGCknhGkICIS:rkJJfuaKIMek1VP2+TFeupBrHhOCI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4edcfbde50f89372467bae5d88facd8_JaffaCakes118

Files

b4edcfbde50f89372467bae5d88facd8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8fc64ea83af5fc72d8981039631b5dc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTapeStatus
DefineDosDeviceA
GetProcAddress
GetProcessTimes
WriteFile
QueryPerformanceCounter
GetProcessId
GetLogicalDrives
GlobalUnfix
GetProcessHandleCount
GetCurrentDirectoryA
GetModuleHandleA
LoadLibraryExA
GetConsoleMode
GetTickCount
Module32Next
CancelWaitableTimer
GetProcessIoCounters
VirtualAlloc
ReleaseSemaphore
CopyFileExA
GetCurrentProcess
SetHandleInformation
QueueUserWorkItem
FreeEnvironmentStringsA
GetCurrentThread
SetVolumeLabelA
SetDefaultCommConfigA
CompareStringA
GetCommMask

wininet

InternetCrackUrlA
InternetGetConnectedStateExA
ResumeSuspendedDownload
FtpSetCurrentDirectoryW
InternetUnlockRequestFile
InternetQueryDataAvailable
FindNextUrlCacheEntryW

Exports

Exports

Msdpateboa
WriteBcjowusoq

Sections

.rtext
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 52KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ