095fa2aa6bb08b9c1c474d1de7ac1911_JaffaCakes118 | Triage

Sharing

General

Target

095fa2aa6bb08b9c1c474d1de7ac1911_JaffaCakes118
Size

90KB
MD5

095fa2aa6bb08b9c1c474d1de7ac1911
SHA1

53ae393ce79c191f1e599f0cba4799bac0a1a24e
SHA256

64fb50fd4409f0fcbc451a7204e09d7dcfac025936bac1f4fd1b8c81f574ffe0
SHA512

60ce3f80255267cc85909a04e726cf732d1f47b41b7e81584c3291cbace33178c8cab859306d17cb885f2af427c6fef34f86fe84ffdc380c9c78dba6c50b4916
SSDEEP

1536:5fOgwEzdUzSyu3J0NGaXSa08PBT4okrSDtpr1plHbU5kh:5TNzdZKNTSaXepqtprbpI5kh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
095fa2aa6bb08b9c1c474d1de7ac1911_JaffaCakes118

Files

095fa2aa6bb08b9c1c474d1de7ac1911_JaffaCakes118
.dll windows:4 windows x86 arch:x86

545386444bed56ef3d3b043c89afc182

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
VirtualAlloc
HeapAlloc
HeapFree
WriteFile
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA

ltkrn13n

ord192
ord189
ord312
ord125
ord188
ord282
ord283
ord191
ord190

Exports

Exports

DllMain
fltDeletePage
fltInfo
fltLoad
fltSave

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ