ebe73481685446f047b3fb8693a20086_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ebe73481685446f047b3fb8693a20086_JaffaCakes118
Size

5KB
MD5

ebe73481685446f047b3fb8693a20086
SHA1

147a67f74d1d71ce0d00102ca0587b3064bb0d7c
SHA256

c42fa883b906c57b6b70b4e68f803a13cfc08d65be0417988f1b153993fef2f0
SHA512

408281a5d1dcb7e9696a59b589bf363f09ff55c8abb271cb77ff45211cc912661bbba11c04ac6b1a232d656ce695824eec0e39e61a8df1499824352de91002e8
SSDEEP

96:Crm6kQ1UfHtSSooVJ/WYBzvQsR6lezn5qIO:h6UHKG7BzVR6lez5q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebe73481685446f047b3fb8693a20086_JaffaCakes118

Files

ebe73481685446f047b3fb8693a20086_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c429c88b53fc1a077e0f3aac1654b456

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr90

_crt_debugger_hook
sscanf
srand
rand
strcat
_time64
strstr

kernel32

TerminateThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
ExitThread
FreeLibrary
Sleep
GetProcAddress
LoadLibraryA
HeapAlloc
CreateThread

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ