7ef8cd0a29c3dfa39a5a98cf7c086ae9_JaffaCakes118 | Triage

Sharing

General

Target

7ef8cd0a29c3dfa39a5a98cf7c086ae9_JaffaCakes118
Size

1.2MB
MD5

7ef8cd0a29c3dfa39a5a98cf7c086ae9
SHA1

b6f558f6460c3fdd0029860e38a08eee31941c01
SHA256

1322ae78c8352abc316a3ec642f8acf7a0187d2796bfd67c53fd64722bdcba6d
SHA512

d8a8d6fc34003d726ccd16bc1dabde97d63bcb32d5714478b08c98d6237fa06cffeb79ce9c51c1e11e6a00e96fa0a6df90ced26f6e51a3ff70626d0f67704483
SSDEEP

24576:S8r6tuuWnigUAOJtWmEBMoBBX3muHJ1JD:+FlznPWmEaonX3pH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7ef8cd0a29c3dfa39a5a98cf7c086ae9_JaffaCakes118

Files

7ef8cd0a29c3dfa39a5a98cf7c086ae9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

48d1776b689e7d6ca98acc51547d48cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

wherhw#@hre.pdb

Imports

kernel32

SetCriticalSectionSpinCount
GetModuleFileNameW
FindNextFileW
QueryIdleProcessorCycleTime
GetModuleHandleA
GetProcessHeap

gdi32

ModifyWorldTransform

shlwapi

GetMenuPosFromID

msvcrt

memset
system

advapi32

IsTokenRestricted

wininet

FindNextUrlCacheEntryExA

user32

GetActiveWindow
GetCursorInfo
FillRect

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 680KB - Virtual size: 699KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erloc
Size: 400KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ