JaffaCakes118_086b85d86b1f8d8ce1140c1df1e9e0168c86d39caf4b9c83a68169248d1bdaf2

General

Target

JaffaCakes118_086b85d86b1f8d8ce1140c1df1e9e0168c86d39caf4b9c83a68169248d1bdaf2
Size

693KB
MD5

b5685696a3d46cb8e9257165ec50803c
SHA1

a8bcbba52695ef94df2895de43970b508c2d6e64
SHA256

086b85d86b1f8d8ce1140c1df1e9e0168c86d39caf4b9c83a68169248d1bdaf2
SHA512

4e10ba19cca47013c1be5420971db0e63a8e8202642d3803c7a9711453a6b56f906856d05a749125a2203bd2b0a28f45a3d87b6b443928f245a354f45ba7ba39
SSDEEP

12288:gAtefwaqgab0YjX9e6h2mhpL47A+L+9g8R8s+bDFqEkvQwgh22ny0GxBsT:gAtuncCX0dg2gHs+bI7yy0B

Score

3^/10

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/oblot.dll

JaffaCakes118_086b85d86b1f8d8ce1140c1df1e9e0168c86d39caf4b9c83a68169248d1bdaf2
.rar
documents.lnk
.lnk
oblot.dll
.dll windows:6 windows x64 arch:x64

66356a654249c4824378b1a70e7cc1e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
DeleteFileA
LockFile
UnlockFile
WriteFile
CloseHandle
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
CreateThread
GetCurrentThreadId
GetModuleFileNameA
SwitchToFiber
DeleteFiber
CreateFiber
ConvertThreadToFiber
CreateFileMappingA
GetCurrentActCtx

Exports

Exports

SjVjlixjPb

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 897KB - Virtual size: 897KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ