310bb0ffa88cae28a3c49b6fd6264285_JaffaCakes118 | Triage

Sharing

General

Target

310bb0ffa88cae28a3c49b6fd6264285_JaffaCakes118
Size

64KB
MD5

310bb0ffa88cae28a3c49b6fd6264285
SHA1

2bfe6543cc33f851c142585730f6607aab570c60
SHA256

5b56e97999c88067c1ac99ce601f6b851f62980e97a7e1b75be5aceb46f34188
SHA512

442a0cefe0dcec78a1c8feb07624314dcceede6c774106cec5a4990888529f682245ffe09eff7617cfc9ff036822ab3613bdd74757a30226f994575b9199c7e2
SSDEEP

1536:Bodz1UVMO7OcSWn8ojVPkyMZPHTlfa8EBOallUq:edz1YMO7Oceol3iHTlfa8sOa4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
310bb0ffa88cae28a3c49b6fd6264285_JaffaCakes118

Files

310bb0ffa88cae28a3c49b6fd6264285_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9cb2b585a059e4f4cef3b68f54438d5d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLogicalDriveStringsA
lstrcatA
CommConfigDialogA
GetStartupInfoA
ExitProcess
SetEndOfFile
LocalAlloc
TransactNamedPipe
GetCommandLineA
VirtualAllocEx
PurgeComm
GetProfileSectionA
GetVersionExA
GetAtomNameA
GetFileSize

user32

PostThreadMessageA
LockWorkStation
CreateMDIWindowA
AdjustWindowRectEx
TranslateMessageEx
CharUpperBuffA
UnhookWindowsHook
PeekMessageA
AllowForegroundActivation
EnableWindow
GetAsyncKeyState
EnumChildWindows
SetWindowsHookA
GetCaretPos
MapDialogRect
PostThreadMessageA
RegisterWindowMessageW
ModifyMenuA

gdi32

DeleteObject
LineTo
StretchBlt
PatBlt

advapi32

RegOpenKeyExA
RegCloseKey

Exports

Exports

Iqhyumt
Sckqiaib

Sections

.textbbs
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 52KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ