CreateProcessNotify
Static task
static1
Behavioral task
behavioral1
Sample
18f05d6546ef7e942f36ce47bd3603c8_JaffaCakes118.dll
Resource
win7-20240704-en
General
Target: 18f05d6546ef7e942f36ce47bd3603c8_JaffaCakes118
Size: 116KB
MD5: 18f05d6546ef7e942f36ce47bd3603c8
SHA1: 1b8878f55235af305d7abfe82768d98e75bdcc88
SHA256: ac6fbfbf539638215c1d7f6887f2754d44e96c3d55eb1e2314af4c4378e9d647
SHA512: 4f79d87bade783f02083eb782f03bf5b4d32321285f69d08d25c4512e1bd7f9f9232316664ed1975851edc51d40cec47776a2db7be869cb6cda1a4e77f24fc53
SSDEEP: 3072:ewpeSJblsSA9RTWJ0hmgdNF3+0Xis7vr:XBJ+T9RTWJEmgdXOGp
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 18f05d6546ef7e942f36ce47bd3603c8_JaffaCakes118
Files
18f05d6546ef7e942f36ce47bd3603c8_JaffaCakes118.dll windows:1 windows x86 arch:x86
919470868e53827b45729533d01609a8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
EnumSystemLocalesA
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsA
GetEnvironmentStringsW
GetFileInformationByHandle
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
LoadLibraryA
OpenFileMappingW
SetEndOfFile
SetFilePointer
SetStdHandle
UnhandledExceptionFilter
VirtualAlloc
lstrcpynA
Exports
Sections
.text Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 81B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ