1d8d249cf2bfe6bbf991cab490203d24_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1d8d249cf2bfe6bbf991cab490203d24_JaffaCakes118
Size

347KB
MD5

1d8d249cf2bfe6bbf991cab490203d24
SHA1

44cf66960ae7268ae38948ae71efe4a13b35cabe
SHA256

24e61fac48e1e532432ac1994a0171b70b0ec5c30b45490d3c28fbb2145b173e
SHA512

4edcd0b43281136c0768c2ef08e17295aefc97bf1db3af3f2334cada9a08fc4765faef42e728b18a3a92c48f9c1c1502f664a90a190c8ef0fb4ed031fe7a3e93
SSDEEP

6144:muLayxI7hCoFPAiNMdixNQ8CLwBN9/46oSnmlBNicMpIFVH:VaQuhTFPfbzFCMBr/4bSnm3oIFx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1d8d249cf2bfe6bbf991cab490203d24_JaffaCakes118

Files

1d8d249cf2bfe6bbf991cab490203d24_JaffaCakes118
.dll windows:4 windows x86 arch:x86

eb8ce8d6456329b7038389384482d394

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

mfc42

ord825

msvcrt

tolower

kernel32

FindNextFileA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

GetDesktopWindow

advapi32

RegEnumValueA

ws2_32

bind

shlwapi

PathIsDirectoryA

ole32

CoCreateInstance

oleaut32

SysAllocString

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

netapi32

Netbios

Exports

Exports

Dispatch
InputFile
PrintFile

Sections

.text
Size: 322KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE