3a890881ca467a3de052ba4cc25d3c02_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a890881ca467a3de052ba4cc25d3c02_JaffaCakes118
Size

168KB
MD5

3a890881ca467a3de052ba4cc25d3c02
SHA1

a0ea6dbb8c3720af1fd438c2838efd2f5fde89d6
SHA256

92c4d89b74344361410170f7676133b0cdbe7836aeaf9772bf397a94c37a8458
SHA512

d25db10aee21a27a51517c10501ac483e9be4aee14da327b2b5da3b58bb79864336bb42bf1159dc891b653e235c8bfa35d427bfe0402c1d44521cc80813952ec
SSDEEP

3072:niNY712a5A4J4pQXDfas5ow3A1wJ5M9fet1ZGbhGHU:iNW2a5QpQXDijghJ5WfenZ/H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a890881ca467a3de052ba4cc25d3c02_JaffaCakes118

Files

3a890881ca467a3de052ba4cc25d3c02_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d9407aaee6df6d834f154d47daa855aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringW
ExitProcess
FindFirstFileA
FindResourceA
GetACP
GetCPInfo
GetCommandLineA
GetExitCodeThread
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetProcessHeap
GetStartupInfoA
HeapAlloc
HeapCreate
HeapReAlloc
InterlockedIncrement
IsValidCodePage
LoadLibraryA
MultiByteToWideChar
RtlUnwind
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
SizeofResource
lstrcpynA

msvcrt

__getmainargs
__p__commode
__set_app_type
exit
free
isdigit
malloc
srand

user32

IsIconic
GetSysColor
GetMenuCheckMarkDimensions
FrameRect

ole32

CoCreateInstance
CoBuildVersion

Exports

Exports

ActivatorUpdateForIsRouterChanges
D3DRealloc
GetUpdateCount
NxGetCookingInterface
NxPlatformMismatch
OpenComponentLibraryEx
SetSetupOpen
TextOutWCP_ME
UpdateFromAppChange
UpdateFromComponentChange
W32N_IsWindows2000

Sections

.text
Size: 88KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ