d66208b166e4533437b4b9516932e217_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d66208b166e4533437b4b9516932e217_JaffaCakes118
Size

21KB
MD5

d66208b166e4533437b4b9516932e217
SHA1

c87837e5cf845fc1d98fc441ff50975894e8ec43
SHA256

486b21b3f54deaadfb61f1d6141515d9c602e6524c743023a457ec528accf654
SHA512

84b0383977ad61d6065f07822d0811a290ddd660c17977b2c1ffa5eed34fb80aedc18bce7c8ec4d437c8a2c7826e3e43d47141a4bb8e5c3bd5eea0748f4af328
SSDEEP

384:x7RrkOqtl5ZABMl1EoDbqQei3MaaRvkgXhgGV5+xF8vtx3svRf7:x7Rrnsl56A17DCfrv7XhgGVqKvtxA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d66208b166e4533437b4b9516932e217_JaffaCakes118

Files

d66208b166e4533437b4b9516932e217_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9a4d00436e3bdcd635f0a3f656e4a2ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetLastError
Sleep
lstrcmpiA
lstrlenA
CloseHandle
lstrcpyA
GlobalAlloc
GlobalFree
DeleteFileA
FreeLibrary
LoadLibraryExA
SetFilePointer
GetModuleFileNameA
GetModuleHandleA
lstrcatA
CreateThread

Exports

Exports

LoadGraphics
StartVM

Sections

.text
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ