Static task: static1
Behavioral task: behavioral1
Sample: 2b423ebd22d84c6cf2c9c88fe29eb6cd_JaffaCakes118.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 2b423ebd22d84c6cf2c9c88fe29eb6cd_JaffaCakes118.dll
Resource: win10v2004-20241007-en
General
Target: 2b423ebd22d84c6cf2c9c88fe29eb6cd_JaffaCakes118
Size: 20KB
MD5: 2b423ebd22d84c6cf2c9c88fe29eb6cd
SHA1: cfd7b1380b5b2146e2bc4036bbb449eb6f92a99c
SHA256: b684695114c3aeaf46445d46a716ef4dfcec98603bcc974975c0f057a2cee1cb
SHA512: 83229d628986156746ea519c1eb8d6fe33d4416c16f26466c3d7a8fb82188267999cb566847c90a36915742bca5f20e708af611952d704eaa0bdaf87feb361f5
SSDEEP: 96:06jn/zO/Tdx1G0/dMe3GvgVwLZ2CDX2pB78t:noTdTj/djGvt0Tt
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2b423ebd22d84c6cf2c9c88fe29eb6cd_JaffaCakes118
Files
2b423ebd22d84c6cf2c9c88fe29eb6cd_JaffaCakes118.dll windows:4 windows x86 arch:x86
14d3c50321744c8753a255df058bea3e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
msvcrt
_adjust_fdiv
malloc
strstr
free
_initterm
_stricmp
kernel32
lstrcatA
lstrcpyA
Sleep
Thread32First
Process32Next
GetCurrentProcessId
CloseHandle
Process32First
CreateToolhelp32Snapshot
CreateThread
Thread32Next
user32
GetWindowTextA
EnumThreadWindows
GetClassNameA
FindWindowExA
SendMessageA
SetWindowTextA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
Sections
.text Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 792B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 808B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ