18592efcf0be771be7c5738d1e183485_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

18592efcf0be771be7c5738d1e183485_JaffaCakes118
Size

192KB
MD5

18592efcf0be771be7c5738d1e183485
SHA1

b4d4d69349db1f0d10e135c05bc744815e7c7fc6
SHA256

4fcb076bc9132c7d9f5dc8ffa9c3af093576c384706c9902dd37203a56295746
SHA512

2956b317ad2950e89498d57792367fd7ad7526f036d2e7f8d92e36ec45070df6e2ba22ab6753f01f217b4191c0574a130a7e292a35c76f2bccfc13fc9a5c630e
SSDEEP

3072:tCuJD3qSaAGUY8jbtT+xKcd6cgMWFHfk+PVWpCVCk8YzW:ScRYStTeKw6RHflVgCVCkA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18592efcf0be771be7c5738d1e183485_JaffaCakes118

Files

18592efcf0be771be7c5738d1e183485_JaffaCakes118
.dll windows:5 windows x86 arch:x86

3125578cbbbc28b6032e9fd023feeac2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTime
QueryPerformanceCounter
ReleaseMutex
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
DeleteFileA
WaitForSingleObject
lstrcmpA
GetProcAddress
LoadLibraryA
GetCommandLineW
ReadFile
VirtualAlloc
TlsSetValue
CreateMutexA

gdi32

GetStockObject

msvcrt

__dllonexit
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
_adjust_fdiv
_controlfp
_initterm
_onexit
_wcmdln
_wfopen
exit
wcstok

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ