3641e987fa9fe773754a70fd89a05c2d_JaffaCakes118 | Triage

Sharing

General

Target

3641e987fa9fe773754a70fd89a05c2d_JaffaCakes118
Size

39KB
MD5

3641e987fa9fe773754a70fd89a05c2d
SHA1

775a5e6f557159de2c14320c7760d19b774545e8
SHA256

c8052fc57dc9fbade684444261c5706d7f5f80990dd4da985949cbbf3a47bf54
SHA512

72c5afe28d1452b8a523ee4e4cb068d47d1ad3c4230b2e1e6a07f233d294a9297c4dc8845415a21464371d16957ee94ec31fe3f36a324e620361cf1ec58c8e64
SSDEEP

768:B/J4QPdqTxp/QxmlsbzG05IupoYB++EGEcmGiLjXSfB9eHZVdP:B/JD4Tj/nlgvI0oYHirXjCZ9eR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3641e987fa9fe773754a70fd89a05c2d_JaffaCakes118

Files

3641e987fa9fe773754a70fd89a05c2d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3e49c9d8f069e10a7274b4dee3911cde

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateProcessA
ExitProcess
ExpandEnvironmentStringsA
FindResourceA
GetACP
GetCommandLineA
GetCurrentThreadId
GetEnvironmentVariableA
GetModuleHandleA
GetOEMCP
GetProcessWorkingSetSize
GetStartupInfoA
GetTickCount
GetUserDefaultLCID
HeapAlloc
HeapCreate
HeapReAlloc
InterlockedIncrement
LCMapStringA
MultiByteToWideChar
ResumeThread
RtlUnwind
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsGetValue
TlsSetValue
UnmapViewOfFile
WriteConsoleA
lstrcatA
lstrcpynA

msvcrt

__p__commode
__set_app_type
exit
realloc
strspn
__getmainargs

user32

DrawEdge
GetClassLongA
GetDoubleClickTime
GetWindowLongA
GetWindowRect
InflateRect
InsertMenuA
LoadCursorA
MoveWindow

winmm

mmioDescend
mmioOpenA
mmioStringToFOURCCA
timeGetTime
mixerGetLineControlsA

Exports

Exports

FSimpleStr

Sections

.text
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ