fb821ef6d373fa7845fe9250f7971696_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb821ef6d373fa7845fe9250f7971696_JaffaCakes118
Size

7KB
MD5

fb821ef6d373fa7845fe9250f7971696
SHA1

07202cd352bd7db473a138524fb4630c46d65bae
SHA256

18ff620bc060a315870cd806d20b6bf9c391d57789c9616154126473462bdb07
SHA512

8526cbefb79036c957884806f218350f9d4860f497523b69bc1cab803bcfddaa28da0186700508d1442635738b5f497c9f9c79b90259eac75ee778f81fa8a151
SSDEEP

96:TyxEXtVR0Ookmnzh4IDaEbtxUZj3Nx09/GdD+HR9+HK1oak9gk:+xEdLNnefijdxY/GdCHREHKg9gk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb821ef6d373fa7845fe9250f7971696_JaffaCakes118

Files

fb821ef6d373fa7845fe9250f7971696_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9829406bf01e7d144e29a4afe9142f93

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crypt32

CryptAcquireCertificatePrivateKey
CertEnumCertificatesInStore
PFXImportCertStore
CertFreeCertificateContext
CryptMemFree
PFXExportCertStoreEx
CertCloseStore
CertOpenStore
CertCreateSelfSignCertificate
CertStrToNameA
CertGetNameStringA
CertDeleteCertificateFromStore
CertAddCertificateContextToStore
CryptMemAlloc

kernel32

GetFileSize
CreateFileA
ReadFile
WriteFile
lstrlenA
HeapAlloc
GetTempPathA
GetProcAddress
LoadLibraryA
FreeLibrary
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
CloseHandle
GetSystemTime

user32

wsprintfA

advapi32

CryptGetProvParam

Exports

Exports

ExportSert
RemoveSert

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ