b5bf4b98dc38d3a16502129f98d5e5c1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5bf4b98dc38d3a16502129f98d5e5c1_JaffaCakes118
Size

5KB
MD5

b5bf4b98dc38d3a16502129f98d5e5c1
SHA1

6ca746fad1a7a99f9472d7fd85f1aa8244f7c0e0
SHA256

173f02f7c9c5d02ec5d4f133f83fa8a56c90aa2df516a3bb75f09f61c012fdc7
SHA512

11944ffbf8b3869e34b94a84a3cbbdebc74b1e32557d38ebe1f1859ce1a1f007d69c102d82fc8061944f2bf9b6e39fa95bc1d2dcb1af1586fecbbd91682dd913
SSDEEP

96:9thIWZ0U+KJRen/Se2kCEYoK564tAkW2ClOPZLH2:97r7ent2EYoKPZW2cOtH2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5bf4b98dc38d3a16502129f98d5e5c1_JaffaCakes118

Files

b5bf4b98dc38d3a16502129f98d5e5c1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

56c01e8400f58f10a32c841b9fade7b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
OpenProcess
VirtualFreeEx
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDirectoryA
LoadLibraryA
CreateRemoteThread
WaitForSingleObject
FindClose
CloseHandle
FindFirstFileA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyA

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExA

msvcr71

_strlwr
_beginthread
strcmp
strncat
strcpy
strlen
_itoa
strstr
strcat

Exports

Exports

??0Copendll@@QAE@XZ
??4Copendll@@QAEAAV0@ABV0@@Z
?charopendll@@YAPADXZ
?classdll@@3PADA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ