085867602a3b24c94aa3070968898672_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

085867602a3b24c94aa3070968898672_JaffaCakes118
Size

36KB
MD5

085867602a3b24c94aa3070968898672
SHA1

24efb6132753866a2d66b86b0f996284522972fe
SHA256

66c14f6026609d4ec2fb79eb738a124686c9405f1fad2ea87dd2c27d0f2ea9a8
SHA512

1c400873aab90e53dc21be610184d11892b87df1e96e97e5c67c9da6d7e2499bd8b14391775843447c8e6789058437f578c2ecf8538e22a875a515e5b6f3607a
SSDEEP

384:XqLWeY0uhPz9cq1H0r7eK/jHhQ0rCTZfrqYwi:XqL3buhPzHE7XHhQoiZflwi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
085867602a3b24c94aa3070968898672_JaffaCakes118

Files

085867602a3b24c94aa3070968898672_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c6c5bed03188b143e49c75dc51c91b3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_initterm
??2@YAPAXI@Z
_adjust_fdiv
strncmp
strncpy
strtok
atoi
??3@YAXPAX@Z
_purecall
malloc
free
strchr
strrchr

advapi32

RegQueryInfoKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

kernel32

MulDiv
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualAlloc
VirtualFree
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls

Exports

Exports

CanUnload
RMACreateInstance
RMAShutdown

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE