0b02013743fa0f0beb249a9740c96837_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b02013743fa0f0beb249a9740c96837_JaffaCakes118
Size

161KB
MD5

0b02013743fa0f0beb249a9740c96837
SHA1

87860f2860208dbda55ac5974173c1ef1b27679f
SHA256

77b9f9c70a5bede0eea3a52b427f83b6f8db429686b2b3558abc58d8385853aa
SHA512

94e96fd05fbf3f5ba62a5eee7857a3279de75238b068c874321f82c16da02747f571af317eadb54856ee1ba8a9d265f896ca74887102dd0c9bd5a529a3351f55
SSDEEP

3072:pDP6JKbsSpiXkrljDaShkmO5JWqsqePDbkpt7volzTdEP:V/bxrljFumOejqeP8ptr4i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b02013743fa0f0beb249a9740c96837_JaffaCakes118

Files

0b02013743fa0f0beb249a9740c96837_JaffaCakes118
.dll windows:4 windows x86 arch:x86

134be83da7f5ba09a280787645bf9136

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FindResourceA
GetACP
GetCommandLineA
GetCurrentThread
GetFileTime
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemTimeAsFileTime
HeapAlloc
HeapCreate
IsValidCodePage
LoadResource
MultiByteToWideChar
RtlUnwind
SetEndOfFile
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess

msvcrt

realloc
strpbrk

user32

SetDlgItemTextA
SetScrollInfo
SetWindowTextA

oleaut32

GetErrorInfo
VarBstrCmp
SysFreeString
SafeArrayCreate
SafeArrayAllocDescriptor
RevokeActiveObject
RegisterTypeLi
ClearCustData
OleTranslateColor

shlwapi

PathFindOnPathA
PathGetDriveNumberA
SHDeleteEmptyKeyA
SHDeleteValueA
SHEnumKeyExA
PathFileExistsA
ChrCmpIA
PathAppendA
PathBuildRootA
PathCombineA

Exports

Exports

NxCookClothMesh
ReadEapcfgList
W32N_GetNetCardRegistryPath

Sections

.text
Size: 103KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ