239083a94ac9ffed84db88576dccf73a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

239083a94ac9ffed84db88576dccf73a_JaffaCakes118
Size

84KB
MD5

239083a94ac9ffed84db88576dccf73a
SHA1

8a794e0c53ed6a268ce4e87d59fed5c26e196290
SHA256

0d8d681ec3303f524809510b20fa9013668c9a7b1916d75056a62d4e6c3f5197
SHA512

3cc95c89380698efb395317c6d5f5c592a82c42d1010448fd051830a8dfd64de1b03e9c1a3255102f9201a4349576a1e6636237c83b88bdfb45e82b25718e575
SSDEEP

1536:sHVx7hlaRa/ZCVKBj06Jte3yPx9yO6UritUqPl:mT7hlYa/Zp06Jte3iH2Ur2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
239083a94ac9ffed84db88576dccf73a_JaffaCakes118

Files

239083a94ac9ffed84db88576dccf73a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dc79a4b22541f2dbbd09e4fab97f4e3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SuspendThread
SetFilePointer
GetDiskFreeSpaceA
GetCurrentActCtx
FindNextFileA
HeapValidate
SearchPathW
CreateNamedPipeW
ReadDirectoryChangesW
SetVolumeLabelW
SystemTimeToTzSpecificLocalTime
lstrcpynW
FindActCtxSectionStringW
GetLogicalDriveStringsW
GetShortPathNameA
GetModuleHandleExW
CreateSemaphoreA
OpenSemaphoreA
LCMapStringA
CreateActCtxW
GetLogicalDrives
LoadLibraryA
SetComputerNameA
GetProcAddress

ole32

OleTranslateAccelerator
CoQueryProxyBlanket

advapi32

RegOpenKeyW
LogonUserW
CredIsMarshaledCredentialW

gdi32

SelectPalette
SetBkMode
AnimatePalette
TextOutA
ArcTo
SetPixelV
StartDocA
CreateFontIndirectA
CreateHatchBrush
CreateFontA
SetRectRgn

Exports

Exports

appEventPath

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ