0d7d0a44154894a5c1a60c1fb426f450_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d7d0a44154894a5c1a60c1fb426f450_JaffaCakes118
Size

159KB
MD5

0d7d0a44154894a5c1a60c1fb426f450
SHA1

74310c81a9216171b1aa5313d816f7a29b721079
SHA256

6110ec0673284eb85d3ed0e60cf5ba79695f32cdd996b64b4b6ccacad3a59f90
SHA512

b74548e47795d378eb7b0e1e841b578212b84570ae5c46bd0ac59c30dc85aee29c7629fe74733a3ba3555e2ba646b085b412b95389fd51b37dd73bc4609c2a13
SSDEEP

3072:jaUwNeWc+d2XefagV+mP09QLj1+Oyv5G2rPANk8:jZwgWc+9fH5PiKQOypkW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d7d0a44154894a5c1a60c1fb426f450_JaffaCakes118

Files

0d7d0a44154894a5c1a60c1fb426f450_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7f4ee624fc259ed1e006393027b985b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FindResourceA
GetACP
GetCommandLineA
GetLastError
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetStdHandle
HeapAlloc
HeapCreate
HeapDestroy
HeapSize
LoadLibraryA
LoadResource
MultiByteToWideChar
RtlUnwind
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SizeofResource
TlsGetValue
lstrcpynA
lstrlenA

msvcrt

fprintf
__p__commode
_cexit
_wcsicmp
_XcptFilter

user32

DeleteMenu
ReleaseDC
DefMDIChildProcA

oleaut32

VarBstrCat
SetErrorInfo
SafeArrayDestroy
OleLoadPicture
GetErrorInfo
VarBstrCmp

shlwapi

PathBuildRootA
PathFileExistsA
ChrCmpIA
PathFindOnPathA
PathGetCharTypeA
PathGetDriveNumberA
SHDeleteValueA
SHOpenRegStreamA
PathAppendA

Exports

Exports

NxCreatePMap
RichInkFilterDirect

Sections

.text
Size: 102KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ