ec79b019244349ffb14b031af93ddb13_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec79b019244349ffb14b031af93ddb13_JaffaCakes118
Size

104KB
MD5

ec79b019244349ffb14b031af93ddb13
SHA1

1148b1b5c7ad69ce5373ae0cded3ebf8b9fc4e18
SHA256

76fea51f3af275b8992a2d714548adaa03c5321e502396d919f73a9bd81d17b3
SHA512

ceb9415c5ae236466d57cda242086efbb25b121511a3f491b6a3198fb3b938f2f7e446ddd5d55bd5f833b5167e9a2e7ac7e44ab4216f664732748ffbb1b9557f
SSDEEP

3072:tODVii0IlTXUfm7vLOiBPhQllRxy5u4E:UDVp/lTEAvSiyRk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ec79b019244349ffb14b031af93ddb13_JaffaCakes118

Files

ec79b019244349ffb14b031af93ddb13_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

726616a8a1b02cabe35d6935c901a161

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
FreeLibrary
WaitForSingleObject
GetTickCount
CreateProcessW
GlobalAddAtomW
lstrcpyW
GetProcAddress
GlobalUnlock
MoveFileW
ReadProcessMemory
WritePrivateProfileStringW
CancelWaitableTimer
DeleteFileW
LoadLibraryA
FindNextFileW
SetWaitableTimer
GlobalFree
GetCurrentThreadId
GetFileSize
GetCurrentThread
GetFileAttributesExW
WriteFile
GlobalDeleteAtom
CloseHandle

gdi32

SetBkMode
CreateBitmap
SetMapMode
GetClipBox
SetDIBits
CreatePen
CreateRoundRectRgn
SetBkColor
MoveToEx
SetTextColor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.qleode
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qdasiy
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zlwob
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ