3bf42de14eb8783a761316c3066c895a_JaffaCakes118 | Triage

Sharing

General

Target

3bf42de14eb8783a761316c3066c895a_JaffaCakes118
Size

161KB
MD5

3bf42de14eb8783a761316c3066c895a
SHA1

03da1df85d0e589f3f70e0eb15f3fb9cdcdeb5b7
SHA256

ba412154e28bfcd8869b5fd8f1e1332827cedeb32364c4f66e5f852bb03760ae
SHA512

8110da97413e74b280a17b033f12d5b88c685adc83d958c39644da489219a768758e8cf8569e5e9fab2ba2a0aa7107b12cc1f0ee369385d595efeb7223106d16
SSDEEP

3072:XdbFsd2yK1k7o3j+3sXVyAulsz/KnAEElUnYCqNiJvyqN0rGa:XdbFPaE+QVyAYs7qArCqNikqN0r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3bf42de14eb8783a761316c3066c895a_JaffaCakes118

Files

3bf42de14eb8783a761316c3066c895a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ab2d0f13f4980ac2349bda8137166ab9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FindResourceA
FreeEnvironmentStringsW
GetACP
GetCommandLineA
GetConsoleCP
GetLocaleInfoA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemInfo
HeapAlloc
HeapCreate
HeapReAlloc
HeapSize
LoadResource
MultiByteToWideChar
OpenEventA
RtlUnwind
SetEvent
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateThread
UnhandledExceptionFilter

msvcrt

wcscmp
__p__fmode
swscanf
vswprintf
wcscat
_cexit

user32

EnableWindow
EnumChildWindows
ModifyMenuA
DrawFrameControl

oleaut32

VarBstrCmp
SafeArrayAccessData
OleTranslateColor
OleLoadPicturePath
OleLoadPicture
SafeArrayCreate

shlwapi

PathCombineA
PathFileExistsA
PathAppendA
ChrCmpIA
PathGetCharTypeA
SHDeleteEmptyKeyA
SHDeleteValueA
SHEnumKeyExA
PathBuildRootA
SHOpenRegStreamA

Exports

Exports

C_GetFunctionList
W32N_GetTimestampInformation

Sections

.text
Size: 103KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ