38645d59853d2b309798f3836778db12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38645d59853d2b309798f3836778db12_JaffaCakes118
Size

76KB
MD5

38645d59853d2b309798f3836778db12
SHA1

919dcb1bb27eadd7e1dd530d8f87fc632517047b
SHA256

b757e07c5babb3f1c3233f27cf7b3df14155ae7ab9ca090190281a1a5b468aaa
SHA512

40e4b644314a6985ee05826b9622a47ea7369b49dabce47aa433faa9a5d096eacec735da5b92a618a238f43e8717dc78c10141de3a8d18a2bacb40316a9825df
SSDEEP

1536:plkM39sSCgsqVS3imWv/1noxNPH/UO5BVNqwwf1:zkMN/mqVS3imWnpo/PfUO5Bnqn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38645d59853d2b309798f3836778db12_JaffaCakes118

Files

38645d59853d2b309798f3836778db12_JaffaCakes118
.dll windows:4 windows x86 arch:x86

68a1795ba69402cfadbdba230afff3f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
SetHandleCount
lstrcpyA
LoadLibraryA
VirtualAlloc
HeapAlloc
HeapFree
WriteFile
WideCharToMultiByte
GetEnvironmentStringsW
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapDestroy
HeapCreate
FreeEnvironmentStringsW
GetCPInfo
GetFileType
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings

ltkrn13n

ord192
ord189
ord312
ord282
ord283
ord188
ord190
ord191

Exports

Exports

DllMain
fltInfo
fltLoad
fltSave

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ