293acf7f8e715fc889095a31679f6029_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

293acf7f8e715fc889095a31679f6029_JaffaCakes118
Size

162KB
MD5

293acf7f8e715fc889095a31679f6029
SHA1

ea42ea67c848e4d35ae8a04243acd99c27d7e731
SHA256

7d1bc97931ba3ee31d1275b9ee65e15d37b0fa4262fa1b7cc94049385e775718
SHA512

c2a7dc92c45d8aa7aba7f999ce3d1642672db6941f0ab09fa3703a0fe1439e04ceb302ce1ea54c4e4072df51904cb33fa934f7d1d441f63d6aafbc664d4a3c70
SSDEEP

3072:WEoJdwKPvpxPEPOzbbDEHk1sLtiXiJ+WNITDYUOhRJOCi2cIku:WxPvpxPqOHEHkKtiXisWSnYvh6Y5ku

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
293acf7f8e715fc889095a31679f6029_JaffaCakes118

Files

293acf7f8e715fc889095a31679f6029_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4eb33e6104febee1029eeeb68f54340e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
LoadLibraryA
InterlockedDecrement
InterlockedExchange
Sleep
GetProcAddress
GetLocalTime
VirtualAlloc
VirtualProtect
SetLastError
GetLastError
GetComputerNameA
InterlockedExchangeAdd
IsBadWritePtr

user32

GetWindowRgn
GetDC
WindowFromDC
CopyIcon
GetTitleBarInfo
IsCharAlphaA
GetLastActivePopup
IsIconic
GetGUIThreadInfo
GetWindowPlacement
IsMenu
SetLastErrorEx
GetWindowTextLengthA
GetWindowRect
GetWindow

msvcrt

_adjust_fdiv
malloc
_initterm
free
memchr
_memccpy
_set_error_mode
_ltoa
time
floor
_hypot
_pctype
_isctype
__mb_cur_max
localeconv
_errno
div
_CIfmod
_CIsinh
_CItanh
_CIpow
_itoa
ldiv

gdi32

GetPixel
GdiGetBatchLimit
GetBkColor
GdiFlush

ole32

CoDosDateTimeToFileTime
CoGetCurrentProcess

shell32

ord680
DuplicateIcon
ord66

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ