3e8ee9bd20f3df3576c89ca8f0041840_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3e8ee9bd20f3df3576c89ca8f0041840_JaffaCakes118
Size

101KB
MD5

3e8ee9bd20f3df3576c89ca8f0041840
SHA1

97c7dd2b2e4d83397559a0685c71f976205dd5ff
SHA256

fc096cb078b8e39771cc1dec06139697a25581db5c90b05dd93e4c5e949fd791
SHA512

2708d82e0517339eddd14cf9e6c78d4d0a14d97ed4adbda82d3f705253cdb4e06b30a4e6a9d4f50fd0b38fd3a60d12fa1cee8c42761a235546bec1740fc6cef0
SSDEEP

3072:bLsj3Cl2LfEyX6TocotaYbYH2G6FeoyWtAv:RCXvxYWGGnyWK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e8ee9bd20f3df3576c89ca8f0041840_JaffaCakes118

Files

3e8ee9bd20f3df3576c89ca8f0041840_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0ff458a2896bd060914d732a79cff007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedCompareExchange
SetComputerNameW
SetUnhandledExceptionFilter
GetSystemDirectoryW
GetCurrentProcessId
SetFilePointerEx
LockResource
GetVolumePathNameA
ReadFileEx
GetShortPathNameA
CreateWaitableTimerW
GlobalGetAtomNameW
PostQueuedCompletionStatus
FileTimeToSystemTime

msvcrt

rand

Exports

Exports

RidFindDesktop
RidRemoveDesktop

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 300B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ