4184f449a396193e488eae018c1fc925_JaffaCakes118 | Triage

Sharing

General

Target

4184f449a396193e488eae018c1fc925_JaffaCakes118
Size

20KB
MD5

4184f449a396193e488eae018c1fc925
SHA1

a8e31989d9fc2783fb7a3ecdfa0e4e669f4758fe
SHA256

6c145dd6b702b16b5a743beaf25a64d9379b3075da4638020b0b05368454c7aa
SHA512

395d871770a1dd155132bdbee20082288c9ff1a031890b5afdb71ed04c7bffaac7215f8f72deca254af7145d3335ec260826e55aab27248a0f07b149c881dd60
SSDEEP

96:baIXa4a+TqM6xq9/91ofgY6mDmPIE9ilY5ntB4m8:OIq4atM5dz+j6mDmwE9ilY5ntOx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4184f449a396193e488eae018c1fc925_JaffaCakes118

Files

4184f449a396193e488eae018c1fc925_JaffaCakes118
.dll windows:4 windows x86 arch:x86

920fc6a7874716627e54e73868d2d339

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

CreateThread
ReadFile
DisableThreadLibraryCalls
GetModuleHandleA
GetProcAddress
ExitProcess
CloseHandle
DuplicateHandle
GetCurrentProcess
GetLastError
CreatePipe
WriteFile
GetExitCodeThread
WaitForSingleObject
GetExitCodeProcess
CreateProcessA

user32

MessageBoxA

Exports

Exports

GetLVSBHeader
SetLVRTModule

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 757B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 242B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ