28befaaa2c8e2dd0e43b05ee2ab12ea5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28befaaa2c8e2dd0e43b05ee2ab12ea5_JaffaCakes118
Size

43KB
MD5

28befaaa2c8e2dd0e43b05ee2ab12ea5
SHA1

9ad760d88b3d48b0accfb6f2ea233286bb57e391
SHA256

0b05fb112a3ba622d7614864b0f55b6dac27e8540bcee03c8d83eac92b7e311f
SHA512

40184d33c7a8caa86ad1a5e3fde80ccb1ce6532e00ba3ec5179b2fe1288624706e27063bc80498baca9ebccb7d55fac77022259f8fe50d67f519f65ccce5df38
SSDEEP

768:dr7saq35YjQbvoFH6/YD0DuElmib2I9FeY0S4asasLep6IqKFZ827aksMjQg:tsaqXyH6QDuoiaI9RjsLDpwC2O/Msg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28befaaa2c8e2dd0e43b05ee2ab12ea5_JaffaCakes118

Files

28befaaa2c8e2dd0e43b05ee2ab12ea5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f9264d26677b15b8ff89ac90a48885d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt.dll

malloc

winmm

waveInUnprepareHeader

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

shlwapi

StrCmpW

imm32

ImmReleaseContext

psapi

GetModuleFileNameExA

user32

ExitWindowsEx

ws2_32

listen

advapi32

RegCloseKey

avicap32

capCreateCaptureWindowA

gdi32

DeleteObject

Exports

Exports

gytfredwse
ServiceMain
qwaszxerd

Sections

.erdf
Size: 25KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

edrft
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rtyhgj
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE