37b85accb50d5a0fcb79e7ae1befc182_JaffaCakes118 | Triage

Sharing

General

Target

37b85accb50d5a0fcb79e7ae1befc182_JaffaCakes118
Size

112KB
MD5

37b85accb50d5a0fcb79e7ae1befc182
SHA1

bb6885b83ffb30f827594f897fd3a89e0a7bbbec
SHA256

1043ffc8d61a37d71f9e11699d34057006d6135a02b4482d41b4e30721b93132
SHA512

ab6b6bb07df681864103ba1caf0412dd8ae3816e4936414323d664fc1ad171a191f596b750f33889728971a202e80ffe3d3f496e04f6d18a13e7198c8f995a04
SSDEEP

1536:JgMMydm6JJvdjsoSA9QR9ZkJi5DIJ41TZg7gj1/Y7twV5v:JRJvBsoSAqR92v6tKgj1/mtwV5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37b85accb50d5a0fcb79e7ae1befc182_JaffaCakes118

Files

37b85accb50d5a0fcb79e7ae1befc182_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8059eefe61ebe5d08312685a17e9217e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

sprintf
rand
tolower
strchr
??2@YAPAXI@Z
printf
__dllonexit
_onexit
_initterm
_adjust_fdiv
realloc
free
malloc
_purecall
??3@YAXPAX@Z
strrchr
_putenv
_stricmp

kernel32

DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
SetErrorMode
LoadLibraryA
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement

user32

CharNextA
GetSystemMetrics

Exports

Exports

RMACreateInstance
RMAShutdown
SetDLLAccessPath

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE