ce450972210c5ed8e827a07382a384a7_JaffaCakes118 | Triage

Sharing

General

Target

ce450972210c5ed8e827a07382a384a7_JaffaCakes118
Size

40KB
MD5

ce450972210c5ed8e827a07382a384a7
SHA1

6a7ea5a3327049c84378b9cfc28cfd02ae3743aa
SHA256

881e9e4c55551e8b5bee3aa937ee7eb8a64a6307f71cedb914283726dda77d9c
SHA512

7600008f6eb38bcd1e44387c9440817d7239ead2b8f25a09b27872379328de59309afa38d85c85fcc1fcd731cdfcdedfd2fd42edff00047f9a3e5ed1b479b50a
SSDEEP

768:LJmRPB/UBA3U2i8IoTqg/0+IOynToIf1wm:LWGBA3U2W+IOynToIf5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce450972210c5ed8e827a07382a384a7_JaffaCakes118

Files

ce450972210c5ed8e827a07382a384a7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6fa240f7cc8b14d384a8b6429928bc0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQueryEx
ReadProcessMemory
GetThreadContext
Sleep
CreateProcessA
lstrcatA
GetSystemDirectoryA
TerminateProcess
CloseHandle
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualProtectEx
VirtualFree
GetModuleHandleA
ReadFile
GetFileSize
CreateFileA

msvcrt

memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

CreateLog
DeleteLog

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 506B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ