c8bf4b2e36f65d781b779dfa0c7b4497_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8bf4b2e36f65d781b779dfa0c7b4497_JaffaCakes118
Size

104KB
MD5

c8bf4b2e36f65d781b779dfa0c7b4497
SHA1

2009cbb691f2ed1206424db104f33cb4b7c44573
SHA256

14d0b2196cd51eee7935334558f514a79504167cb9b020d0be8052eabd11a479
SHA512

42a2e2dbfc9afb79cde43ff28eb7574e4e0ddabed97cf552b78020ff0089596247b55d32785af033344094a7db9540deeb80d634149f000b544117ddc47a46dc
SSDEEP

1536:y/Am0I+Ln2ZM/eYHnzopZYbeKRUKueA6a7/VUYw:y42mmUnmAa7tUYw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8bf4b2e36f65d781b779dfa0c7b4497_JaffaCakes118

Files

c8bf4b2e36f65d781b779dfa0c7b4497_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bf92462ba9735f5bd88297e40e632ea4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

time
_stricmp
_ftol
_initterm
_adjust_fdiv
vsprintf
strchr
printf
memmove
_onexit
__dllonexit
_ismbcspace
??2@YAPAXI@Z
malloc
sprintf
??3@YAXPAX@Z
_purecall
_putenv
_errno
_open
_close
_lseek
_read
_write
_get_osfhandle
realloc
free

kernel32

GetFileSize
DisableThreadLibraryCalls
GetTickCount
SetErrorMode
LoadLibraryA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
FreeLibrary

user32

MessageBoxA
GetSystemMetrics
CharNextA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

RMACreateInstance
SetDLLAccessPath

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE