19299b383dec663172c1833e37648c18_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

19299b383dec663172c1833e37648c18_JaffaCakes118
Size

64KB
MD5

19299b383dec663172c1833e37648c18
SHA1

7d14305ab635647145676da72e49ce4df9b9b900
SHA256

ceb93c80bb5881109b4de2f21900315150f68e62806f0b91a30d434d8a228f34
SHA512

b30acdd08feed296fe764723e67806cab462784a7983729b638aef1ad7f8b2eef850bf1c48c09e7e5ac8b29ef604516ed10ef2dc3f71ef713d9d67f797bf3cfa
SSDEEP

768:7YhnJ9r2GlWH6uIj7R5F1Bedz8ycaVEUuex4nFEzYrX1swUlPJF0MsaIPxun2oca:7jK+4l/3eyOFZSE8rYJso04TcU+5ggs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
19299b383dec663172c1833e37648c18_JaffaCakes118

Files

19299b383dec663172c1833e37648c18_JaffaCakes118
.dll windows:4 windows x86 arch:x86

745fba72154776b21f2de9b0f8969474

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsBadCodePtr
GetVolumePathNameA
RemoveDirectoryA
LoadLibraryA
GetProcessId
ExitProcess
GetPrivateProfileSectionNamesA
SetTapeParameters
GetLocaleInfoA
VirtualAlloc
GetPrivateProfileSectionA
SetDefaultCommConfigA
GetCurrentProcess
GetModuleFileNameA
RaiseException
ReadConsoleOutputA
HeapLock
GetConsoleMode
WritePrivateProfileStructA
ResumeThread
GetUserGeoID
UnregisterWait
ReadConsoleInputA
WriteProfileSectionA

gdi32

SetViewportOrgEx

shell32

SHGetSpecialFolderPathA

winmm

timeEndPeriod
timeGetTime

Exports

Exports

Wckxtmftthe
Lvobaqrak
Pbsryeuocx
GetDovpulh
WriteFnbxqrbfv
AddTlvitawal
CloseHmlsabq
Xonkpofvtc

Sections

.itext
Size: - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 52KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ