ea7af4f7c057f9f319120caafb506b06_JaffaCakes118 | Triage

Sharing

General

Target

ea7af4f7c057f9f319120caafb506b06_JaffaCakes118
Size

186KB
MD5

ea7af4f7c057f9f319120caafb506b06
SHA1

bbbc112dc6932116e0ca34211ece01a4a1ac3fe9
SHA256

bf62874ce8d02bff6637d55af8f80bd25636e94bb27dadb8f9d01a9e33049cbe
SHA512

0a3299034301b5d820717f74171dd22fc743f7a744bc332bd73f969b839100fa75282b9c09cabb2515ece1c2dc17ae848714421408d955cb3225aabd1f306899
SSDEEP

3072:+hsoDAd0uh4LkACO7j0pvz/JNwAX6h1SvsE2lz+U+OUm:sAqu2kAtHAcxhsvsE2lz+0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea7af4f7c057f9f319120caafb506b06_JaffaCakes118

Files

ea7af4f7c057f9f319120caafb506b06_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2b2b794f13fd8c667d8ca834996748b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
lstrcpyA
HeapFree
HeapAlloc
GetProcessHeap
lstrcatA
GetModuleFileNameA
lstrlenA
CloseHandle
lstrcpynA
ReadFile
CreateFileA
MapViewOfFile
CreateFileMappingA
GetFileSize
UnmapViewOfFile
FlushViewOfFile
IsBadReadPtr
HeapReAlloc
LCMapStringA
GetStringTypeW
RtlUnwind
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
LCMapStringW

user32

CharUpperA

Exports

Exports

AnalyzeFile
GetTotalSignatures
IsDataBaseLoaded

Sections

.data
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ