272b5ba0f3226cf8c024b4cd4aaf3162_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

272b5ba0f3226cf8c024b4cd4aaf3162_JaffaCakes118
Size

153KB
MD5

272b5ba0f3226cf8c024b4cd4aaf3162
SHA1

db6dae412ca611b7c8a3d76899faa18e1cfdc6bd
SHA256

cad3ac401432fbc821b6b6fbeacf83a63c6a7e61d7f538190503955b8663ec9e
SHA512

d217128ad138c7eea763a031597cf3e4b606143d83aa4ffd7b5a2a5c1a9702f2553d6ab0c4337d51c254781125c2dc0890a60f4edf4dccf8f89889ccb1ea1c46
SSDEEP

3072:aTbgrQYX0/ZqG6MBO6XEmq/49LpQ8l+HqD8BXQDaudJ0BsPI7pk/1:smlXYJ66EDOpQ7qCOauklp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
272b5ba0f3226cf8c024b4cd4aaf3162_JaffaCakes118

Files

272b5ba0f3226cf8c024b4cd4aaf3162_JaffaCakes118
.dll windows:4 windows x86 arch:x86

555cebd0a960dbbbcf9069fb156d5214

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW
CommDlgExtendedError

kernel32

GetModuleHandleW
FindClose
FindNextFileA
GetConsoleSelectionInfo
FindFirstFileA
EnumResourceLanguagesA
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
GlobalHandle
IsDBCSLeadByte
GetModuleHandleA
VirtualProtect
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep

oleaut32

DispGetIDsOfNames
CreateErrorInfo
OleCreateFontIndirect
GetErrorInfo
SetErrorInfo
GetActiveObject
VariantInit
SysFreeString

Exports

Exports

AlphaBlend
GradientFill
TransparentBlt

Sections

.text
Size: 106KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ