345f55e3c4f56fbd8d9680cadb8f0c44_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

345f55e3c4f56fbd8d9680cadb8f0c44_JaffaCakes118
Size

248KB
MD5

345f55e3c4f56fbd8d9680cadb8f0c44
SHA1

0005b103530c589f58d31499fe90e4303a1981c1
SHA256

7ab964e8fddde2ad89b2f2c24b6b1b612cad759cb07bca6690dff7db216df00b
SHA512

8cbbf538adecdee73282f26ee9687a85762b685bf6c6f3161f7911676915e291a54e8b23ca103ea24b52ddc2daf9cb28f947544808df1d1eb7137b5efdc3ccde
SSDEEP

6144:BEa6enKvlVmrhaPAalt1B7LdzzpiwObld:+enYlVcQAalXNq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
345f55e3c4f56fbd8d9680cadb8f0c44_JaffaCakes118

Files

345f55e3c4f56fbd8d9680cadb8f0c44_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f76680ad2ab649e4f08c7f17cc730675

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
FindFirstFileA
FormatMessageA
GetCommandLineA
GetConsoleCP
GetEnvironmentStringsW
GetFileType
GetLocaleInfoW
GetModuleHandleA
GetThreadContext
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapFree
HeapSize
IsValidCodePage
LoadLibraryA
RtlUnwind
SetEndOfFile
SetErrorMode
SetFilePointer
WaitForMultipleObjects
WideCharToMultiByte
lstrcatA

advapi32

ObjectDeleteAuditAlarmA
QueryServiceConfig2W
RegQueryValueA
SetSecurityDescriptorSacl

msvcrt

__set_app_type
rand
exit
__getmainargs
__p__commode
_exit

ole32

CoQueryReleaseObject
CoAddRefServerProcess
CoSwitchCallContext

ddraw

DirectDrawCreateEx
DirectDrawCreate
DSoundHelp
DDInternalUnlock
DDInternalLock
DirectDrawCreateClipper

crypt32

CryptSIPPutSignedDataMsg
CryptSignAndEncodeCertificate

Exports

Exports

LogPosToNormalPos

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ