23c01d61ba43cd426079dba538a8e701_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23c01d61ba43cd426079dba538a8e701_JaffaCakes118
Size

176KB
MD5

23c01d61ba43cd426079dba538a8e701
SHA1

3d0caf6b9ebbbb3b4c906cc39212c399bdfe2ab5
SHA256

a34715ff13001289cdf69d145084b24632038837f9f26728f48f6e74108d0e12
SHA512

df7f564789b0554de098cee6089383cfbefb074bcd41227ac0a380f87c6ade497ee5d1d0ac18b1ab19c462766748a5417d5d36d9d20ad25da593ab8f8424dfc0
SSDEEP

3072:dURj7+iH7SsJtJ+MjDkRiwD/cvg+sCHxRG+TSDjMVyVXH+Y3xmmejT5g5:dUJ+iH7VMzR+NNTglPomm5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23c01d61ba43cd426079dba538a8e701_JaffaCakes118

Files

23c01d61ba43cd426079dba538a8e701_JaffaCakes118
.dll windows:4 windows x86 arch:x86

470b6cb5e206a5fa4e19c7a6baea60ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringA
ExitProcess
FindClose
GetACP
GetCPInfo
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetProcessHeap
GetStartupInfoA
GetSystemDirectoryA
GetTimeZoneInformation
GlobalAddAtomA
HeapAlloc
HeapCreate
HeapReAlloc
InterlockedDecrement
IsDebuggerPresent
IsValidCodePage
MultiByteToWideChar
ResetEvent
RtlUnwind
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
lstrcmpiA
lstrcpyA
lstrlenA

msvcrt

rand
srand
printf
strpbrk
exit
__set_app_type
__p__fmode
__getmainargs
__p__commode
sscanf

user32

IsWindowVisible
SetMenuItemInfoA
GetSubMenu

winmm

joyGetPosEx
joyConfigChanged
joySetCapture

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance

shlwapi

PathStripPathA
StrStrA
StrStrIA
StrStrW
PathRenameExtensionA

Exports

Exports

CaptureFrame
Direct3DCreate
InitRichInkDLL
SetModeAndFonts_TRTXT
bpf_filter

Sections

.text
Size: 107KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ