37dfcfba7c83f3246a7d671f1a3702f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37dfcfba7c83f3246a7d671f1a3702f9_JaffaCakes118
Size

161KB
MD5

37dfcfba7c83f3246a7d671f1a3702f9
SHA1

efe7d5423f42d3bf1c07bf660cd1920e92729a98
SHA256

22d6c2264cf42c1a7241a11fd0029c5949d415a4decc2dc6c78f82e78b793260
SHA512

2539a65a6c72ee7b9391c179003fcd74bf6fbbddbb590f72db0ffc458b355a18d8c2986bb179c0c08ab8f7deac24d74d94d046d0e25a69cb571ba61dc93ff16d
SSDEEP

3072:VcZowh3InN/hE8sVG+Me7Wggnal25ILYPST0SCDmlLnBMWg21p:OqU3InN/+8MG/sanalSILYPtSumZBMWJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37dfcfba7c83f3246a7d671f1a3702f9_JaffaCakes118

Files

37dfcfba7c83f3246a7d671f1a3702f9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ab2d0f13f4980ac2349bda8137166ab9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FindResourceA
FreeEnvironmentStringsW
GetACP
GetCommandLineA
GetConsoleCP
GetLocaleInfoA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemInfo
HeapAlloc
HeapCreate
HeapReAlloc
HeapSize
LoadResource
MultiByteToWideChar
OpenEventA
RtlUnwind
SetEvent
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateThread
UnhandledExceptionFilter

msvcrt

wcscmp
__p__fmode
swscanf
vswprintf
wcscat
_cexit

user32

EnableWindow
EnumChildWindows
ModifyMenuA
DrawFrameControl

oleaut32

VarBstrCmp
SafeArrayAccessData
OleTranslateColor
OleLoadPicturePath
OleLoadPicture
SafeArrayCreate

shlwapi

PathCombineA
PathFileExistsA
PathAppendA
ChrCmpIA
PathGetCharTypeA
SHDeleteEmptyKeyA
SHDeleteValueA
SHEnumKeyExA
PathBuildRootA
SHOpenRegStreamA

Exports

Exports

GetCaptureDeviceFormat
UpdateFromAppChange

Sections

.text
Size: 103KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ