ee823713b4ac030e3c8c4f45498e3ca3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ee823713b4ac030e3c8c4f45498e3ca3_JaffaCakes118
Size

11KB
MD5

ee823713b4ac030e3c8c4f45498e3ca3
SHA1

01a32e82f4bdebe9ee7df9f801b51718e7b2919d
SHA256

ba441d398c0226de78719ed977dffbdb0b701ac34dcef79a9f4d1bf273346763
SHA512

c9a395d9d2f545cf423d95314a56ebae0c914a9b7221d3398b711c6018be5bb44d8179e19826a20deffec4e5d8012a33dfc2cf5fe7db52eb393fabeb9ff0ac0c
SSDEEP

192:7XUFxmPqjEYXXB3ZRxJIRcjXORrvGwEyTby7Pob1uFJjxrCMg:4zmPqjdXX17zIR6UywFy81uFJjxrI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ee823713b4ac030e3c8c4f45498e3ca3_JaffaCakes118

Files

ee823713b4ac030e3c8c4f45498e3ca3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f43e86e6013e3cfc60ee645c3250d354

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CloseHandle
LoadLibraryA
GetModuleFileNameA
PeekNamedPipe
GetExitCodeProcess
CreateProcessA
CreatePipe
ReadFile
GetLastError
WriteFile
WaitForSingleObject
FreeLibrary
TerminateProcess

user32

PostThreadMessageA

msvcrt

free
_initterm
??2@YAPAXI@Z
??3@YAXPAX@Z
strncpy
atoi
_stricmp
malloc
_adjust_fdiv
_itoa

Exports

Exports

CloseInput
DLLInfo
GetExitCode
GetProcess
ReadBinary
ReadText
ReleaseProcess
Remove
RunConsole
SetProcess
WriteBinary
WriteText

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ