214ea3e629d966eb514f89acc6d559e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

214ea3e629d966eb514f89acc6d559e2_JaffaCakes118
Size

168KB
MD5

214ea3e629d966eb514f89acc6d559e2
SHA1

bccc56b06452ca4a682aeb96156cea6d008ba9bc
SHA256

2f966eb82fc59a7bf00fc8003a72b6b1456f18ff47400f7c0283c150de803cae
SHA512

72a7ce7471609fd23f926ab8096dd40a0feea82fd6edbd6a4c80e90439bb46d23be3cada3cb0914ae4812f4305967a66fb953cd6d5502550bd60748b3e529665
SSDEEP

3072:Bg4SfFPK2SBgG11QPbTJN14KczNftQxSv4JR3M7qXaOqmaSp0yQ:q4E6CGnQzSzIxndqmaSp0y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
214ea3e629d966eb514f89acc6d559e2_JaffaCakes118

Files

214ea3e629d966eb514f89acc6d559e2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

30d9085a3289e9eaa9ca24c0327794b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FindFirstFileA
FindResourceA
GetACP
GetCommandLineA
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetStringTypeA
GetStringTypeW
HeapAlloc
HeapCreate
HeapReAlloc
IsValidCodePage
IsValidLocale
MultiByteToWideChar
ResetEvent
RtlUnwind
SetLastError
SetUnhandledExceptionFilter
WriteFile
lstrcmpiA
lstrcpyA

msvcrt

__getmainargs
__p__commode
__set_app_type
_wcsicmp
exit
fprintf
isdigit
srand

user32

ReleaseDC
OffsetRect
ChildWindowFromPoint
GetWindowTextA

ole32

StringFromGUID2
CreateBindCtx
CoTaskMemAlloc
CoCreateInstance
CoBuildVersion

Exports

Exports

CheckMemoryGates
D3DBreakVBLock
D3DRealloc
DllMain
EnumWZCDbLogRecords
GetUpdateRTFLicense
InitRichInkDLL
UCheckOS
UninitializeStreaming
W32N_GetLastError
W32N_GetNetCardRegistryPath
XFromIchRaw2

Sections

.text
Size: 87KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ