b95197b95f71cbea3675e92ddf7ffb96_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b95197b95f71cbea3675e92ddf7ffb96_JaffaCakes118
Size

17KB
MD5

b95197b95f71cbea3675e92ddf7ffb96
SHA1

421cdcd061cc1aa0b5a4a8fd3a74386be74eaf71
SHA256

6aff950116bda15c3b3387b08180589d2a766c86c58e28ee7e294d4d0b91725c
SHA512

2732bebbb211a03bba66a00d5d29f8cca7effc5194f29de4a0f55acea53b595a14cd8e4b994261178d5cc6cebfb5b4663a2f4c132cedd20e138f7dbe7a21681e
SSDEEP

192:48DoM/t2sZI9/U1xcYE1tuWvPGQhatirGaOFagp9B1voIL201zPuqfOsAVmL:nT3Zcc1eYE1tzGAatiTChploM2KPNAM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b95197b95f71cbea3675e92ddf7ffb96_JaffaCakes118

Files

b95197b95f71cbea3675e92ddf7ffb96_JaffaCakes118
.dll windows:5 windows x86 arch:x86

560545cd1df163deea3c7ceec5f21e95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DLL.pdb

Imports

msvcrt

??3@YAXPAX@Z
strrchr
??2@YAPAXI@Z
memset

shlwapi

SHDeleteKeyA

kernel32

WaitForSingleObject
OpenProcess
Sleep
CreateProcessA
lstrcmpiA
GetProcAddress
CopyFileA
DeviceIoControl
GetModuleFileNameA
GetModuleHandleA
CreateFileA
ResumeThread
DeleteFileA
CreateThread
lstrcpyA
GetFileSize
lstrlenA
ReadFile
LoadLibraryA
LoadLibraryExA
FreeLibrary
Process32First
WriteFile
MultiByteToWideChar
Process32Next
CreateToolhelp32Snapshot
ExitProcess
CloseHandle

user32

SetThreadDesktop
SetProcessWindowStation
OpenDesktopA
OpenWindowStationA
wsprintfA

advapi32

RegCloseKey
OpenSCManagerA
RegOpenKeyExA
StartServiceA
CreateServiceA
RegSetValueExA
CloseServiceHandle
OpenProcessToken

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 658B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ