f9e9958568fa5a816647f7b419e1bf60_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9e9958568fa5a816647f7b419e1bf60_JaffaCakes118
Size

53KB
MD5

f9e9958568fa5a816647f7b419e1bf60
SHA1

6505b914c3e90e4edc074cf9c13795be98f1593d
SHA256

1eace16d38f3efde46ffea45b798e72e902e03a0eab65436ea2d8d3f58ba0b64
SHA512

e0c3121d5b96ce90bcb8703d25694c5c89af4db87e9796374d71f1eaf177b88c1286e1b1af9c8b88c0c2667be72ccfc7efeb967cca7188af97bafc4f8643a9a3
SSDEEP

1536:qvnV04qDSiTY7NwU7MFRLZE2bu94vL9W:5IiT+TgFRLG2bF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9e9958568fa5a816647f7b419e1bf60_JaffaCakes118

Files

f9e9958568fa5a816647f7b419e1bf60_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8ee81745aa6198e20ff3b9df68ac69a1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CloseHandle
WriteFile
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
GetFileType
GetStdHandle
GetModuleHandleW
LocalFree
FormatMessageW
GetVersion
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
LocalAlloc
GetLocalTime
lstrcatW
lstrlenW
lstrcpynW
GetCommandLineA
GetTickCount
GetSystemTimeAsFileTime
VirtualProtect

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid

ole32

IIDFromString

msvcrt

wprintf
__CxxFrameHandler
_except_handler3
_amsg_exit
_wcsicmp
free
malloc
exit
_initterm
_XcptFilter
atoi
memcpy
_snprintf
_adjust_fdiv

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ