ef8d320e654e70c3e14ebb600d57094a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef8d320e654e70c3e14ebb600d57094a_JaffaCakes118
Size

97KB
MD5

ef8d320e654e70c3e14ebb600d57094a
SHA1

16256e4d277020aed664590659b351ec7818c7c0
SHA256

9b12ce826bc4af177c103e0af19241523f6461fcaf6debd590a9bfda8b6ab9a1
SHA512

1cba6da1e941fa8402bfd07a13985da3e8ad30f128e6140ffc96b9fe11fb84d78f6d7be9d2ffdc4bb470028b7cd2662d4acebd4f504b401f4ae86a287c8db219
SSDEEP

768:/OrHz6dEZHusm5gVZc3AwI23nd2rDG1CyFOIjJ/Y:mwkO76c3A6XgrD3eOIjq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef8d320e654e70c3e14ebb600d57094a_JaffaCakes118

Files

ef8d320e654e70c3e14ebb600d57094a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b4adfa3c932bd4e0b3e8a5f704aefe7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetEnvironmentVariableA
GetFileAttributesA
GetFileSize
GetLocalTime
GetProcAddress
GlobalAlloc
ReadFile
SetErrorMode
Sleep
VirtualAlloc
WaitForSingleObject
lstrlenA
FormatMessageA
FindClose
EnterCriticalSection
DeleteFileA
CreateThread
CreateIoCompletionPort
CreateFileA
LoadLibraryA
CloseHandle

advapi32

RegQueryValueExA
RegQueryValueA
RegEnumValueA
RegEnumKeyExA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegSetValueExA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CascadeWindows
CharNextA
CharNextW
CharUpperBuffA
CheckDlgButton
ClientToScreen
CreatePopupMenu
MessageBoxA

Exports

Exports

SfcGetFiles

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ