1190ce6cb89c63d0f85bfeb17109ffdc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1190ce6cb89c63d0f85bfeb17109ffdc_JaffaCakes118
Size

86KB
MD5

1190ce6cb89c63d0f85bfeb17109ffdc
SHA1

edb1948edbfa962bb3c0499b45ae705b99aec8b8
SHA256

bbd625670d0c195bd6a39ede1def80631e1cf3213a84fe6497d2830586be65a0
SHA512

db97af161b04b77745859c8d13c8f0b2dd3cdd9fd030de4801d802ea6aa038cf951cd6c43f41dc9b3e29ff76abd9953a34a0b4138cd358985a0b9a58fd772c6f
SSDEEP

1536:Q/ODAwpdUzSyer0xhb14mOFjJATx4aGtD2KnrozRKwwvh:0fYdbr0xBKmOFjJAl4aE2KnUswsh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1190ce6cb89c63d0f85bfeb17109ffdc_JaffaCakes118

Files

1190ce6cb89c63d0f85bfeb17109ffdc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

545386444bed56ef3d3b043c89afc182

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
VirtualAlloc
HeapAlloc
HeapFree
WriteFile
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
VirtualFree
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA

ltkrn13n

ord192
ord189
ord312
ord125
ord188
ord282
ord283
ord191
ord190

Exports

Exports

DllMain
fltDeletePage
fltInfo
fltLoad
fltSave

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 814B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ