0e840e165fed3cf5f716e09dbca9c978_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0e840e165fed3cf5f716e09dbca9c978_JaffaCakes118
Size

163KB
MD5

0e840e165fed3cf5f716e09dbca9c978
SHA1

0863f4e56db3506568833e716f2b72c5784b4e39
SHA256

5f40c4c74e7b985e2e20a30cab0147840be707f2389e4062025d109825800e35
SHA512

36c04ad5f1551c566851a322b6b30cfa549d754952447bc8a8f3f5fcbfc742f443569e03cd8ba4cc2163d7a193db5a96ef77310e26d2786e17c73deb7d094378
SSDEEP

3072:ERbmRGCc+zqTT+fzFGgVc2dYJjT0Xbuy4sEwRbdHW6iSx2ICPBfpNF/:qmRGkvBGWDdO/ybuynRVnCrNF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e840e165fed3cf5f716e09dbca9c978_JaffaCakes118

Files

0e840e165fed3cf5f716e09dbca9c978_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ab2d0f13f4980ac2349bda8137166ab9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FindResourceA
FreeEnvironmentStringsW
GetACP
GetCommandLineA
GetConsoleCP
GetLocaleInfoA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemInfo
HeapAlloc
HeapCreate
HeapReAlloc
HeapSize
LoadResource
MultiByteToWideChar
OpenEventA
RtlUnwind
SetEvent
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateThread
UnhandledExceptionFilter

msvcrt

wcscmp
__p__fmode
swscanf
vswprintf
wcscat
_cexit

user32

EnableWindow
EnumChildWindows
ModifyMenuA
DrawFrameControl

oleaut32

VarBstrCmp
SafeArrayAccessData
OleTranslateColor
OleLoadPicturePath
OleLoadPicture
SafeArrayCreate

shlwapi

PathCombineA
PathFileExistsA
PathAppendA
ChrCmpIA
PathGetCharTypeA
SHDeleteEmptyKeyA
SHDeleteValueA
SHEnumKeyExA
PathBuildRootA
SHOpenRegStreamA

Exports

Exports

D3DRealloc
HrSetFontFallback

Sections

.text
Size: 105KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ