ReleaseSessionRef
Static task: static1
Behavioral task: behavioral1
Sample: 48ccc3b94b448dbbf67511a8104228c4_JaffaCakes118.dll
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 48ccc3b94b448dbbf67511a8104228c4_JaffaCakes118.dll
Resource: win10v2004-20240709-en
General
Target: 48ccc3b94b448dbbf67511a8104228c4_JaffaCakes118
Size: 130KB
MD5: 48ccc3b94b448dbbf67511a8104228c4
SHA1: 4c2d90fce851d4cd83ed8745776283be62d9c259
SHA256: f0d2dcdcaf97a265f577607b4de7001573f91a3906b680b7491c635b36bf36e0
SHA512: cfdfe6eb8bcbd78e44a798bb316d08e8772fafcb60b4d0c20230bd6756f14e831050a5bab818da27a035383b8b989afca7f917efe0bfeab6be6a9516e7ae0a5e
SSDEEP: 3072:6haaedf+NG+dQjVyNrmnFZsMCOFKbafzusgwHtN5Dzl:9aeJENUfJDrei5D
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 48ccc3b94b448dbbf67511a8104228c4_JaffaCakes118
Files
48ccc3b94b448dbbf67511a8104228c4_JaffaCakes118.dll windows:4 windows x86 arch:x86
f3bc2b6c97a4b4bcc111e4fc6bdd37b5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
HeapAlloc
HeapCreate
IsBadReadPtr
RaiseException
ReadProcessMemory
CreateFileMappingA
msvcrt
_exit
free
malloc
realloc
wcscmp
_wcsicmp
user32
BeginPaint
GetMessageA
GetUpdateRgn
PeekMessageA
SendMessageTimeoutA
TrackPopupMenu
CheckMenuItem
DestroyWindow
SetCursor
oleaut32
RevokeActiveObject
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroy
SysReAllocString
RegisterTypeLi
shlwapi
PathCombineA
PathBuildRootA
PathAppendA
PathFileExistsA
SHDeleteValueA
SHQueryInfoKeyA
StrSpnA
StrStrA
StrToIntA
SHDeleteKeyA
Exports
Sections
.text Size: 64KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ