05f37068517d41658c6e1e36e05145f1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05f37068517d41658c6e1e36e05145f1_JaffaCakes118
Size

252KB
MD5

05f37068517d41658c6e1e36e05145f1
SHA1

f854050f595209d0730485a1f24ce58ed168e33c
SHA256

e799ba1380d47b5a2f7046a72741aedc005d3e9c70d6a90347fd3db4d25397a8
SHA512

60e70aaf54ae4ecdc7ca0d49280eb53fe0019ed7ec5b50693d9e1f5244540b3e507668b7305cd70552996373da19905d611ad60d08074b760f5a42521646c269
SSDEEP

6144:lVoGhBpuiSFBrIp7sHIX9wNJtLDcH4LGa+VWzo29s/tStgu:lVJh6iSjK7gRTDprN9yotgu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05f37068517d41658c6e1e36e05145f1_JaffaCakes118

Files

05f37068517d41658c6e1e36e05145f1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4fbe2128ec10da570c6c264db8e410b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetVersionExA
CreateEventA
ExitProcess
GetCommandLineA
DeleteCriticalSection
VirtualAlloc
ExitThread
GetModuleHandleA
GetACP
GetCommandLineW
IsBadReadPtr
Sleep
EnterCriticalSection
DeleteFileA
CreateFileA
GetLastError
CompareStringA
CreateThread
CloseHandle
LoadLibraryA

Sections

CODE
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 415B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ