d04c19a9b6aaae238495961a414fbbeb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d04c19a9b6aaae238495961a414fbbeb_JaffaCakes118
Size

44KB
MD5

d04c19a9b6aaae238495961a414fbbeb
SHA1

849afd61d97b179c086e99052e797e36c184db34
SHA256

11be0d1a25c8d9fdd73698c0019e300a43184bbd3293b1a5b82f915eac8c1c4f
SHA512

5ccd4c3d3fd3bfe7c362139c1b79113c53544265e604f2590c0adde5e3d788da2bccdc1beac7dde11b4dcc8dd7933efd186895bd24689e69715025d04639ad54
SSDEEP

768:ZwLpBpI2mcQ/Zi34SrmqvNokDVVX5N+4whFiZLgcUCQk1vVkHWDG:ZwhakDVVX5crDiZLgRk1tCs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d04c19a9b6aaae238495961a414fbbeb_JaffaCakes118

Files

d04c19a9b6aaae238495961a414fbbeb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

905b43b2a66c5dcba074ee42850f3709

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueA
RegCreateKeyA
RegCloseKey

user32

wsprintfA
LoadStringA

pncrt

strchr
_adjust_fdiv
_initterm
atol
free
memmove
_ftol
_purecall
??3@YAXPAX@Z
malloc
strrchr
??2@YAPAXI@Z

kernel32

GetModuleFileNameA
LoadLibraryA
FreeLibrary
lstrcatA
lstrcpyA
lstrlenA
GetVersion
GlobalFree
GlobalAlloc

Exports

Exports

RACloseCodec
RADecode
RAEncode
RAFreeDecoder
RAFreeEncoder
RAGetFlavorProperty
RAGetNumberOfFlavors
RAInitDecoder
RAInitEncoder
RAOpenCodec2
RASetFlavor

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ