04570e606cbf1a8566d567e803cb5766_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04570e606cbf1a8566d567e803cb5766_JaffaCakes118
Size

152KB
MD5

04570e606cbf1a8566d567e803cb5766
SHA1

6fbd798d37b097f578ae91a46e5a701e632a73b7
SHA256

a8e643161103ef2013ca10971d096144bdf4312e5f0e847afc001bbebcab17d1
SHA512

dd3ab26d5857e36171b3ab2809c7927bde6fd1a2859a979f249fe26275c0d064c06bad85ec84361d7f5774a9f16d943ea43d803e98d33ef91e08a9a013de8265
SSDEEP

3072:FXp3tWSuXqOimFCOD3dGXdx/Qx3casHb+0wuhSrk:pjdu6OimFBdM/2sXCQv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04570e606cbf1a8566d567e803cb5766_JaffaCakes118

Files

04570e606cbf1a8566d567e803cb5766_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d364516500e62e9f2044d85a16fe3b5b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
Sleep
CloseHandle
WriteFile
CreateFileA
DeleteFileA
GetTickCount
FreeLibrary
SetEndOfFile
SetFilePointer
CreateThread
GlobalLock
GlobalAlloc
TerminateThread
LoadLibraryA
CreateEventA
GetVersion
ReadFile
GetFileSize
MoveFileA
PulseEvent
GetVolumeInformationA
GetDriveTypeA
GlobalFree
GlobalUnlock

user32

MessageBoxA
PostMessageA
wsprintfA

msvcrt

_strlwr
_stricmp
__CxxFrameHandler
_adjust_fdiv
_initterm
strstr
fwrite
fseek
fread
atol
atof
exit
sprintf
_ftol
free
malloc
fclose
fopen

Exports

Exports

Com
DScript
Dec
Ini
M2M

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 461B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ