ed9a1e82e74e1a3e4b3389f5dcddf98f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ed9a1e82e74e1a3e4b3389f5dcddf98f_JaffaCakes118
Size

28KB
MD5

ed9a1e82e74e1a3e4b3389f5dcddf98f
SHA1

28fce0201bbb609e765ce03214083a8eb4385b60
SHA256

2ff2de062079d3fc5600ce9e5b773e9435e95bb4a9bd33a8c416525aa8845f75
SHA512

78a126add25dc3b9a0c212e05dae541d95228b06ef138a963e6a26ea309b9aed5346ac7e770984fa19a10e34def1bcd8e9e90373cd1e02ba00fee31651433dc5
SSDEEP

384:XeAHMwwIeGIkWZLMWajzvbgmTpLbpmReQGztC/kqYz:OMMAvIkW1rajJFLYeQG5EkX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed9a1e82e74e1a3e4b3389f5dcddf98f_JaffaCakes118

Files

ed9a1e82e74e1a3e4b3389f5dcddf98f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ec36c798e2a996d61a5e7f8419543c96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
LocalAlloc
lstrcpyn
lstrlen
MultiByteToWideChar
VirtualAlloc
VirtualFree
VirtualProtect
WideCharToMultiByte

user32

GetWindowDC
IsWindow
KillTimer
LoadCursorA
LoadIconA
LoadStringA
MessageBoxA
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
ReleaseCapture
ReleaseDC
SendMessageA
SetCursor
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetPropA

gdi32

CombineRgn
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetPixel
GetStockObject
MoveToEx
Rectangle
RestoreDC
SaveDC
SelectObject
SetBkColor
SetBkMode
SetBrushOrgEx
SetPixel
SetStretchBltMode
SetTextColor
SetWindowOrgEx
StretchBlt
TextOutA

shell32

ShellExecuteA
SHGetPathFromIDList

Sections

CODE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

CRT
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE