4b1f7ed02fd8fa5a3208c9f8564541b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b1f7ed02fd8fa5a3208c9f8564541b2_JaffaCakes118
Size

64KB
MD5

4b1f7ed02fd8fa5a3208c9f8564541b2
SHA1

1d308f63a98257459719b2ccc38b367e001503f8
SHA256

193f8d9ae16e9ab6dc902dbd8e70f5af90b11437a6269393e68e6173033218af
SHA512

5035140b7b8af93ded50a659d4f2cc8c1237eca2d808113b32c513c1b8f51cca7a1c227c63bdde23221ba6566381e65f98a8909d5d79ec817b6b321c7970cfd9
SSDEEP

1536:IBRhG9tGLaoYXLf1raksfPNNlRR1bY54:IvMGLaFsfPNvZ85

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b1f7ed02fd8fa5a3208c9f8564541b2_JaffaCakes118

Files

4b1f7ed02fd8fa5a3208c9f8564541b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e511b287ebac4b1a6658ebd4c34087f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVolumePathNameA
ExitProcess
GetThreadPriorityBoost
SetDefaultCommConfigA
VirtualAllocEx
GetCommandLineA
SearchPathA
OpenSemaphoreA
WriteProfileStringA
WritePrivateProfileSectionA
OpenJobObjectA
WaitNamedPipeA
GetModuleFileNameA
GetStartupInfoA
SetComputerNameExW

user32

PostThreadMessageA
GetClassInfoExA
GetAltTabInfoA
DrawTextExA
GetMessagePos
ToAscii
BroadcastSystemMessageExW
DrawCaption
RegisterWindowMessageW
DialogBoxIndirectParamA
SetTaskmanWindow
GetTabbedTextExtentA
ExitWindowsEx
TileChildWindows
GetMenuContextHelpId
MapDialogRect
AdjustWindowRectEx

advapi32

RegCloseKey
RegOpenKeyExA

Exports

Exports

EndAcicbaoskix
Ahtamgoqjyr

Sections

.textbbs
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 52KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ