cff5b22113e41e24f33499bc0a4f370a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cff5b22113e41e24f33499bc0a4f370a_JaffaCakes118
Size

42KB
MD5

cff5b22113e41e24f33499bc0a4f370a
SHA1

88d6284765912e42c922c4a02bee463ad9845604
SHA256

90674e0aca5e96eba1cf41ff71fcad828bb6119c07a4b89d18ce192f9e78ce84
SHA512

6893bf7510786328b41b3328acd74563b69c211c755662807269a530737554657691e92205c6d0ada8e20b11702684c593087cf588ab9f01f6725f12902a044c
SSDEEP

768:aDg0kxVzKB7NwLVgHJHs8qeQHw+NX+JzwsA92N0zEMg:acxVGTwLVuts8qeQpy8OiAM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cff5b22113e41e24f33499bc0a4f370a_JaffaCakes118

Files

cff5b22113e41e24f33499bc0a4f370a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

48b2abb14815d5cb1ed9955a5a7edf43

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord537
ord2818
ord825
ord389
ord823
ord5207
ord5356
ord540
ord2915
ord800
ord1988
ord690

msvcrt

_adjust_fdiv
_initterm
malloc
free
sprintf
atoi
tolower
strcmp
strcpy
strcat
strlen
__CxxFrameHandler

kernel32

FindResourceA
SizeofResource
LoadResource
LockResource
GetCurrentProcess
GetSystemDirectoryA
CreateThread
CloseHandle
LoadLibraryA
SetFilePointer
DeleteFileA
WriteFile
CreateFileA
GetFileSize
WaitForSingleObject
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
CreateProcessA
CreateToolhelp32Snapshot
Process32First
Process32Next
Sleep
ReadFile

user32

GetWindowThreadProcessId
FindWindowA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueA

shell32

SHGetFolderPathA

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ