409c993f6313aec1a7fc10963c6e8854_JaffaCakes118 | Triage

Sharing

General

Target

409c993f6313aec1a7fc10963c6e8854_JaffaCakes118
Size

18KB
MD5

409c993f6313aec1a7fc10963c6e8854
SHA1

dbaec4be4855fb3f599dade58a3f9d83d9ff643d
SHA256

7ed31e734b3bf2e739c5fe686102ed72e7b63b000626f75a3e3bafdf87a0657b
SHA512

6aad4f1e9870ea6b12799292e23b41cc643ccf61bdfbea4f842ad17cfeced02fa1ba404af0e98471e9aadb8c12deecd7a57fc12ab1b8cea65fcdf81a8db32b64
SSDEEP

192:4opahPNaS4Kj44RSMU4m/OKSLrOl5sarX4/NWy+TDc9vT4QVJqHXBfKvet+hViS:4opahPNar62O5ul55LgWf8VJyFGetUE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
409c993f6313aec1a7fc10963c6e8854_JaffaCakes118

Files

409c993f6313aec1a7fc10963c6e8854_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

banben
weimei

Sections

.text
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ