e1254393cc9a532143ee9c2eb0a9d29c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1254393cc9a532143ee9c2eb0a9d29c_JaffaCakes118
Size

108KB
MD5

e1254393cc9a532143ee9c2eb0a9d29c
SHA1

8b7438712719c8466446889d45beff46e4c95fc8
SHA256

7ae7f0e5c4e97d386fdee84971e70748e8ee187f932150719c0e2c0a3174acb0
SHA512

31e34587fbb0d4b050109eedb9c1abf90e4500f2ecf486e00a41a32664c25fb3b27c3c828a2fe7dee10c8df2fb7bc690b6d5fe89a59865072b999bf6bf110d70
SSDEEP

1536:VhkIcYA5swVYQd/xOQThnqmuHIfXGCVQFC6UYVMvwagWGj:PKYZwVYMJRhqRQXGujCVksj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1254393cc9a532143ee9c2eb0a9d29c_JaffaCakes118

Files

e1254393cc9a532143ee9c2eb0a9d29c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2d7bd431376ea058e7aa4dfb128a7790

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
InterlockedExchange
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
VirtualProtect
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
WideCharToMultiByte
CreateSemaphoreW
GetTickCount
GetCommandLineA
SystemTimeToFileTime

advapi32

FreeSid
EqualSid

ole32

CoTaskMemAlloc
CoTaskMemFree

msvcrt

memmove
__CxxFrameHandler
_except_handler3
_adjust_fdiv
_amsg_exit
_initterm
free
_XcptFilter
wcslen
wcscmp
_wcsicmp
wcsspn
_CxxThrowException
malloc

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 958B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ