f5235f86d622026095b77038f6660234_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5235f86d622026095b77038f6660234_JaffaCakes118
Size

64KB
MD5

f5235f86d622026095b77038f6660234
SHA1

c29de6302017f7c2c11994256c3e57a51e374771
SHA256

e58eded92410b67e2beb6edea0ab6b8ea3212ea90e5933eb3b08ebdc48458a3f
SHA512

2f9d0f251a9021b3301bc712885c500b111e40586354567c46a6dae1a504ed0c23b8e0398b495e28daab5523f2657ac431e3c8be642e0d75c959a64cf413470a
SSDEEP

1536:94eZkutLranF05loF+mFO/eH35U+h+R8YKS:9ZlL9aF3FOmHnsRjK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5235f86d622026095b77038f6660234_JaffaCakes118

Files

f5235f86d622026095b77038f6660234_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c22074944c43e016c550e585d0922923

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FlushViewOfFile
lstrcpy
GetCurrentProcess
WriteFile
CommConfigDialogA
GetProcAddress
Process32Next
GetTickCount
TransmitCommChar
WritePrivateProfileSectionA
GetEnvironmentStringsA
EnumResourceLanguagesA
FindFirstFileExA
lstrcpynA
HeapSize
FindAtomA
UnlockFile
AddAtomA
IsBadStringPtrA
GetDllDirectoryA
PeekNamedPipe
VirtualAlloc
SetTapeParameters
MulDiv
IsBadHugeReadPtr
SetConsoleCursorMode
FindResourceExA

wininet

InternetGetConnectedStateExA
InternetQueryDataAvailable
InternetUnlockRequestFile
InternetCrackUrlA
FindNextUrlCacheEntryW
FtpSetCurrentDirectoryW
ResumeSuspendedDownload

Exports

Exports

CreateFmbdqeqw
Hwdfkbdd

Sections

.rtext
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 52KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ