16db54374ab292954312bff0e6034d83_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16db54374ab292954312bff0e6034d83_JaffaCakes118
Size

40KB
MD5

16db54374ab292954312bff0e6034d83
SHA1

7a86c82cf4df7c8569ac3a6572c9bf4119f3c47c
SHA256

12c221790b537706478d4753a7d64d2d3d4fc91dcdb7e9189df78c20f39dd6eb
SHA512

541defb619ad432fb1610d6885df42af44f6f8bd99231f12f7a29c452ee12610e38ef313f452c5dcead299b51a59ace46320e8d5be6d4786d0f1fa4a9fc34f51
SSDEEP

768:yqQjtuxaor0LkMn2tgBSbqYwVL86726TKSSN9yqW:yntKX4LPYgBSu9LL7ySC9yR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16db54374ab292954312bff0e6034d83_JaffaCakes118

Files

16db54374ab292954312bff0e6034d83_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2a7e2418be8a09fc671a0ee84b34f19e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
ExitProcess
lstrcmpiA
VirtualProtect
IsBadReadPtr
GetProcAddress
LoadLibraryA
CreateThread
GetModuleHandleA

user32

MessageBoxA
DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SendMessageA
KillTimer
GetMessageA
DispatchMessageA
TranslateMessage
SetTimer

Exports

Exports

func1
func2
start

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 838B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ