beb555ea594b8192db52e25479d47f40_JaffaCakes118 | Triage

Sharing

General

Target

beb555ea594b8192db52e25479d47f40_JaffaCakes118
Size

32KB
MD5

beb555ea594b8192db52e25479d47f40
SHA1

026afe2a9b1a3e44bd23921e6c3c75ad7e71194b
SHA256

860a4c7761b4920731a002cc3836a0f01cd47c83c7033b2e9e4ac2f9de1b4efa
SHA512

a4049477734deaf3d4ab68307add7c433994b3ad792dfbd52ecb7ab31caa2b95847ec020962a065a4dddbf564f103f624454833bec8a6d8d7cebf98e7989a0ff
SSDEEP

768:IoyDJ9P42WWbh+Q5NNJcNSaoDIFCMSrndMsr2C+heOHI:zyDJ4WkWNNO4a/8MSGsChRHI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
beb555ea594b8192db52e25479d47f40_JaffaCakes118

Files

beb555ea594b8192db52e25479d47f40_JaffaCakes118
.dll windows:4 windows x86 arch:x86

21c2a4bafe9bb05acfc1d9ebb3a85d4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcr80

_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
memmove
malloc
free
_initterm_e
memcpy
memset

Exports

Exports

LzmaCompress
LzmaUncompress

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ