2f8fb171565aa83a6cfa3073203ddf17_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f8fb171565aa83a6cfa3073203ddf17_JaffaCakes118
Size

32KB
MD5

2f8fb171565aa83a6cfa3073203ddf17
SHA1

929fe21187add7b4e85c50195167488f4210e7b9
SHA256

34212198c2f8e4b8639b61a751e30236d72ad07997897789983e7e999720e969
SHA512

dadfbd8a3703760e25010368c3e486aa9292deac90eb2f5a26f1fdcf444dd0bd1a12f18c00a1eb490409b8fba8a88f33d212201b923f3ba460f6531aa64c4007
SSDEEP

768:GRVuMNcnZn8Hzmq/REPdcl6FS9KhCJWAEy:Gju/n8Hz4FUtQAE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f8fb171565aa83a6cfa3073203ddf17_JaffaCakes118

Files

2f8fb171565aa83a6cfa3073203ddf17_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4af94fdd66676d0eefeea6522a1659d0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

ExitWindowsEx

gdi32

DeleteObject

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

ws2_32

listen

shlwapi

StrCmpW

psapi

GetModuleFileNameExA

imm32

ImmReleaseContext

avicap32

capCreateCaptureWindowA

winmm

waveInUnprepareHeader

msvcrt

malloc

Exports

Exports

MainWork01
Service01
ServiceMain

Sections

.text
Size: 26KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE