da112d949433f31aa4b2b83700422933_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da112d949433f31aa4b2b83700422933_JaffaCakes118
Size

16KB
MD5

da112d949433f31aa4b2b83700422933
SHA1

fab3725bcc54b6555d7580a15155ba478ab027b9
SHA256

2d8893685b3ac83b7475c098f370ac9b505eba1752723d21b9f3b1f1526fb688
SHA512

247a36a52e07da4a1f54e981217ba701926fac6da81df279f2f8b207ed18deb1d819fadd0d142a3b768caf2f2163e4e08fe62862c585802d63cdd9599a8f05fd
SSDEEP

384:4ZiZScMlgSyBhGQ3ectmLUph7tkKcHM18:40ZScMlVyBJ3ectmLU77tkKOq8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da112d949433f31aa4b2b83700422933_JaffaCakes118

Files

da112d949433f31aa4b2b83700422933_JaffaCakes118
.dll windows:4 windows x86 arch:x86

11a38f36b428303a89e5d24a7a38cfa5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
CloseHandle
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
Sleep
IsBadReadPtr
TerminateProcess
RaiseException
FlushFileBuffers
GetTickCount
GetModuleFileNameA
WaitForSingleObject
GetLastError
CreateEventA
SetProcessShutdownParameters
OutputDebugStringA

ws2_32

htons
recv
inet_addr

wininet

InternetOpenA

user32

PeekMessageA

msvcrt

_strupr
_strlwr
_stricmp
_wcsicmp
_adjust_fdiv
free
strcpy
strlen
malloc
memcpy
strstr
strcmp
strncpy
sprintf
_except_handler3
wcsncpy
memset
memcmp
strcat
time
strrchr
_initterm

Exports

Exports

W

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ