bf110d75f97781ed3c90851f2a1af4be_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf110d75f97781ed3c90851f2a1af4be_JaffaCakes118
Size

128KB
MD5

bf110d75f97781ed3c90851f2a1af4be
SHA1

75f8aced8716602eaf245208b84522a72723d13b
SHA256

9a32ca51f84ed86df351dd9de14c3e0a9521d90af4c0eb49e11334ce4ddd8ce0
SHA512

203e439c0cf391fad8a1ddb376926816f4abe5d2613237d4d894563226407b3181599b45a52959bccbdc1b31fd25b13e8610a7942f78ca3fd63c246e2e6592aa
SSDEEP

1536:4wKb3bgF8efng8G8S+/NTsFKXtBuPuKNT8qlabOQQWtGwQJx8KHwF4eqqwPX:ocF8efg8JNjziu+6bOFaJOQOP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf110d75f97781ed3c90851f2a1af4be_JaffaCakes118

Files

bf110d75f97781ed3c90851f2a1af4be_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4d908eefbc25543aec445e280f63f765

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CloseHandle
WaitForSingleObject
CreateThread
LoadLibraryA
VirtualFree
GetProcAddress
GetModuleHandleA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

ActiveX_
ActiveX_1
ActiveX_2
ActiveX_3
GenHWID
Init
LoadAllDll
PLCloseDevices
PLFindAndOpenDevices
PLSetCurrentDevice
PLSetUvcDevice
ReadExtUnit
ReadReg
WriteExtUnit
WriteReg
_declspecs

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 893B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25.0MB - Virtual size: 25.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ