c98747d3d2664bb1b649617b56caba5a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c98747d3d2664bb1b649617b56caba5a_JaffaCakes118
Size

1.7MB
MD5

c98747d3d2664bb1b649617b56caba5a
SHA1

b86f21e402198b00c88d381cc2356c889056973a
SHA256

76591e6c189398b77291ea5b846eabd693ddff97e86c294dafc2117646cc5bb8
SHA512

2ed9ab6526f11c4ed7e4f17b1b95627208a2b2e4effed78ca6c51e2a7f9923d6eed65434628568a05737c4c1eb4ed4d286ae200b931b7925db44a227ee1adf3e
SSDEEP

3072:+LTQpU7JRu8KG+vkcVACn68ocvbTrbOnUXG1FujWe6cFgBhf7M9pg:+LTQi+8KyuALM3kl1FuCTvbo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c98747d3d2664bb1b649617b56caba5a_JaffaCakes118

Files

c98747d3d2664bb1b649617b56caba5a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0408bebecf84d6b424717125412e5fe7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
ReadConsoleA
RemoveDirectoryA
SetThreadPriority
Sleep
CloseHandle
SetProcessWorkingSetSize
FindResourceExW
ConvertDefaultLocale
CompareFileTime
RaiseException

ntdll

RtlImageNtHeader

user32

ValidateRgn

ole32

CLIPFORMAT_UserSize

gdi32

Rectangle
SetStretchBltMode
PathToRegion
Pie

oleaut32

SafeArrayCreateVector
SafeArrayGetElement

rasapi32

RasGetAutodialAddressA

Sections

.text
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ