037102c7aab2129e63e75c7c66960658_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

037102c7aab2129e63e75c7c66960658_JaffaCakes118
Size

9KB
MD5

037102c7aab2129e63e75c7c66960658
SHA1

045ab8c57890d5cf12d021b34a4390b3622d9a32
SHA256

acae723bc8516e402fb524a4e63ef20709910337af1ef5b2f73770ca3d33d54d
SHA512

35bca90f37c752e166d032a625848540196284ba5f706960b9640b50f2e93fdba89100c0d3aa0be83fe68d0d2c825914c3106522f9327a9885a4711edf3a42af
SSDEEP

192:YjKWtnMJ5kotm7FWheoNzGSS5YLQa+ddDu3SSkImn:sVtMz6RWh3oYLhcp1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
037102c7aab2129e63e75c7c66960658_JaffaCakes118

Files

037102c7aab2129e63e75c7c66960658_JaffaCakes118
.dll windows:4 windows x86 arch:x86

639d69af2501c862256724a21f8a368a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualProtect
CloseHandle
CompareStringA
IsBadReadPtr
LoadLibraryA
GetModuleHandleA
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
OpenProcess
lstrlenA
GetCurrentProcessId
CopyFileA
DeleteFileA
GetSystemDirectoryA
GetTickCount
CreateThread
GetPrivateProfileIntA
GetCurrentProcess
FreeLibrary
GetModuleFileNameA

user32

wsprintfA
GetWindowThreadProcessId
FindWindowA
SetTimer
KillTimer
TranslateMessage
DispatchMessageA
GetMessageA

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ