Static task
static1
Behavioral task
behavioral1
Sample
253a6aad6439d3da58bf01148c18232a_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
253a6aad6439d3da58bf01148c18232a_JaffaCakes118.dll
Resource
win10v2004-20241007-en
General
Target
253a6aad6439d3da58bf01148c18232a_JaffaCakes118
Size
7KB
MD5
253a6aad6439d3da58bf01148c18232a
SHA1
4ba9d0cfbd13df3f4fbf0d2634b8378ea9b2c526
SHA256
0ab4999a0bbafdc0c25216f3a1e2879805c232e4187d3981d9e780dacecacce7
SHA512
9a44d24dce255f217b272978d57bbd642c3dfa9f1e70b85e0171cbbf3366d46d52230b0126ba9d46e8483ed7e0397ff7633e4eaf6d57547a6559f409879d2090
SSDEEP
96:8JWoJRZuUFUNulw2N5YWKsIAjC+XKgmaxmHsWyDMqz2UU7IiuV3oK7royl:uWOR9Kj2NVEgC+agmax8yDg1uV3Xro
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 253a6aad6439d3da58bf01148c18232a_JaffaCakes118
Files
253a6aad6439d3da58bf01148c18232a_JaffaCakes118.dll windows:4 windows x86 arch:x86
da70d61a85b83cc5a5c9716d91437ff3
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
memcpy
_except_handler3
strrchr
strcpy
memset
strlen
strcat
__CxxFrameHandler
sprintf
kernel32
HeapAlloc
GetProcessHeap
VirtualProtect
CloseHandle
WriteFile
SetFilePointer
CreateFileA
IsBadReadPtr
LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
lstrlenA
WideCharToMultiByte
FreeLibrary
Sleep
user32
wsprintfA
wvsprintfA
mfc42
ord690
ord5356
ord800
ord5807
ord537
ord5204
ord6426
ord389
Sections
.data Size: 5KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 574B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ