57629c3cc162c91fc162a3037593a2b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

57629c3cc162c91fc162a3037593a2b9_JaffaCakes118
Size

125KB
MD5

57629c3cc162c91fc162a3037593a2b9
SHA1

b2083c09236f84f8e5c0a70ad2b63a12e76b785a
SHA256

5f4735ef4c07c1d218e79c1ba969732e6b403aa200fbc58f26b5b4088a9c8c0e
SHA512

6b9db2ff69f008a38f12c67b407ccb50b2c981afbe05998dab017f53b570771eac6e7a40f480a6437c2184b78f229f3bc0842052f36c689af8e4f9193505cdb3
SSDEEP

384:ZsuIp1isuipwKCYCi6xvNu8oemX6BrYcTGAIkB9L:GlGsLwKCni6VNu8lmXOZH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
57629c3cc162c91fc162a3037593a2b9_JaffaCakes118

Files

57629c3cc162c91fc162a3037593a2b9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

79e869484fd4a51e0658a98d6f44c9cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIW

kernel32

GetCommandLineW
GetProcessHeap
SleepEx
CreateThread
CloseHandle
UnmapViewOfFile
VirtualAlloc
MapViewOfFile
GetProcAddress
GetModuleHandleA
ExitProcess
HeapAlloc

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 511B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ