c1b154e2204412e64290028e634795a8_JaffaCakes118 | Triage

Sharing

General

Target

c1b154e2204412e64290028e634795a8_JaffaCakes118
Size

9KB
MD5

c1b154e2204412e64290028e634795a8
SHA1

cd203739492f15ed6fbc75c5b7288de7d7762361
SHA256

363c9d94ed66c8eedbea39013fc1f8109bf4c70aa70ed413a3c612742c377389
SHA512

aea854738a88f1a41022360177acba489cd33bffe05af613233b228d788a0b03ca9d44e8e0612bcabdb8398ccc1bdacec2f6d4f67e50c46dddcd17ce095f1b88
SSDEEP

192:az8crRZffznU7rI2e+LGMcUaIMhZ90YrhG1EcOKSY:a3rjDU7PL7raIO0Y3K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1b154e2204412e64290028e634795a8_JaffaCakes118

Files

c1b154e2204412e64290028e634795a8_JaffaCakes118
.dll windows:6 windows x86 arch:x86

ceee6e75e613408f22ed9ae46ea8ae64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\programs\mutantofthefuture\wlloader\objfre_wxp_x86\i386\WLLoader.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
QueryPerformanceCounter
CloseHandle
DeviceIoControl
CreateFileA
CreateProcessA
WriteFile
GetTempFileNameA
GetTempPathA
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
ReadProcessMemory
GetThreadContext
lstrcatA
GetEnvironmentVariableA
WaitForSingleObject
Sleep
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind

ws2_32

recv
send
connect
htons
socket
WSACleanup
WSAStartup
closesocket

Exports

Exports

Run
WLEventStartShell

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 414B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ