dd367523d46fe26321a143bbc611c0ed_JaffaCakes118 | Triage

Sharing

General

Target

dd367523d46fe26321a143bbc611c0ed_JaffaCakes118
Size

96KB
MD5

dd367523d46fe26321a143bbc611c0ed
SHA1

67e5d125171bd7b7848b32e20ade86a9332f126a
SHA256

49dafe55daf5fa2d040817c478fd11be7a1df59eb265321e56447d9c87b66a0c
SHA512

0960923abacb3f399b1ed5c7554ab24dcdc4913667febdcf2695af78be1e17d430241416184de9f3fed3561ec346eb8d6f50e668ce38a88a3da478359a85626b
SSDEEP

1536:E/IO7fq8OJTMnwgH+f/AmQriKeG+TnFZXtGoK8tjcoQdV8xibKrvIbZUv0z/4M:Ex7rm/AmQr7+hdtTKUjYi2cgbZsM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd367523d46fe26321a143bbc611c0ed_JaffaCakes118

Files

dd367523d46fe26321a143bbc611c0ed_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bc27270dc8a797075326d1eaac8cf6e9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleA
GetVolumeInformationA
GetSystemDirectoryA
GetEnvironmentVariableA
VirtualFree
GetProcAddress
GetCurrentProcessId

user32

PostMessageA

advapi32

RegQueryValueExA

Exports

Exports

cleanup
init

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 734B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ