09b96499a61018eb6b1460d5b0b881a8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09b96499a61018eb6b1460d5b0b881a8_JaffaCakes118
Size

262KB
MD5

09b96499a61018eb6b1460d5b0b881a8
SHA1

e0bb209e0373209015a241b72534ac1880ee5e0f
SHA256

28f03f944d7f863446271c71b48c50fe35401501bd21b9b48af9da92eb63c5f7
SHA512

16fe2ee4a05a1e79c1b97afa1810957db8955275830f192102985c2fa480e057c1ce8f6fe908db928874a58d0ad4fd48d264861a3e3637addcf3a1b52fe16233
SSDEEP

6144:Twmqh5wcYl8fYvSdJEgKD+pEUP4QcYD/QdIC/V9t+72rhSI:t4wvvW+O9P4QcYDo62+72r1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09b96499a61018eb6b1460d5b0b881a8_JaffaCakes118

Files

09b96499a61018eb6b1460d5b0b881a8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8551a73e67b1c94f4726e06d1c69e678

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

LoadCursorFromFileA
LoadAcceleratorsW
LoadAcceleratorsA
GetWindowTextA
DestroyCursor
CreateDesktopW
CharPrevA
CharNextA

kernel32

OpenFileMappingA
lstrcpyA
lstrcmpiA
VirtualAlloc
UnmapViewOfFile
TlsSetValue
SleepEx
ReadFile
OpenFile
CloseHandle
CompareStringA
EnumResourceTypesA
FindResourceA
GetCommandLineA
GetSystemTime
GetVersion
InitializeCriticalSection
LoadLibraryA

oleaut32

OleLoadPicture
RegisterTypeLib
RevokeActiveObject
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroy
VarBstrCmp
OleIconToCursor
ClearCustData

Sections

.text
Size: 17KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ