Static task
static1
Behavioral task
behavioral1
Sample
ce517e8d749118ab7638c9773d25af49_JaffaCakes118.dll
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
ce517e8d749118ab7638c9773d25af49_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target: ce517e8d749118ab7638c9773d25af49_JaffaCakes118
Size: 95KB
MD5: ce517e8d749118ab7638c9773d25af49
SHA1: c8d8b51f2dba383cba82da17b80d6f6e43f24336
SHA256: f7183ccb94560228bc8c0fc247980bdda72d5daa93f3abfd3df2883ccc7840d1
SHA512: e42ad362ca4e6d3e3ae1c2c9706cf3dd7a7dae5c2cc23c493458b8067b9c305c0b9d0252dc2371bd7693e712ca267a39808eed1e6d27a3212435aeeb0b7f946e
SSDEEP: 1536:Osn2n6VZZAfLDbRn3dNZKVfe7M3U9BQ8C4Aq0odUR+AicJyf6q/B65uVqnL2rJ3:OsnNhEVNiQMT+AioyD45uVqnL2rJ3/o
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ce517e8d749118ab7638c9773d25af49_JaffaCakes118
Files
ce517e8d749118ab7638c9773d25af49_JaffaCakes118.dll windows:4 windows x86 arch:x86
b60e5f91e73f13db589eeeea6c2822b8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
LoadLibraryA
IsBadReadPtr
lstrcpyA
lstrcatA
lstrcmpA
HeapFree
FreeLibrary
Sleep
VirtualFreeEx
VirtualAllocEx
GetCurrentProcess
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
msvcrt
malloc
free
memcpy
memset
realloc
strcpy
atoi
strchr
strlen
_beginthread
_initterm
_adjust_fdiv
_stricmp
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 466B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ