5de795dbf89d555a5f6ebf4437eb4bd1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5de795dbf89d555a5f6ebf4437eb4bd1_JaffaCakes118
Size

161KB
MD5

5de795dbf89d555a5f6ebf4437eb4bd1
SHA1

f34aaf3a84ee085d45fea0b01d7c4522411566ac
SHA256

dcb88e8b9c42a11316b98b7c62f5d5a880f8ea212eb0b57cf9bc101516c3ed80
SHA512

f03da448c25fc812ae4d0f5e0482e2c783b6e83c513bdb42414b3e97682eda74e0c95be0fb7f2052113a4b15b83c16cd6a44b39b3c0fbffcfbaed0c09a103082
SSDEEP

3072:XcmN51j2pDvBvTlqKZLRfNtXvnnbFff+ZMoEe1lNS15lFBht:Xh1j2pDJv4K55NtXvnnZ3+ZMa13SjBht

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5de795dbf89d555a5f6ebf4437eb4bd1_JaffaCakes118

Files

5de795dbf89d555a5f6ebf4437eb4bd1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fa8d18c17170f3856fbe89b7ffd48053

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wsock32

WSACleanup

avicap32

capCreateCaptureWindowA

winmm

waveOutWrite

advapi32

RegQueryValueExA

oleaut32

SysFreeString

ole32

CoCreateInstance

msacm32

acmStreamUnprepareHeader

user32

GetKeyboardType

shell32

ShellExecuteA

comdlg32

GetSaveFileNameA

gdi32

GetObjectA

version

VerQueryValueA

wininet

InternetReadFile

Exports

Exports

ServiceMain
ServiceMainManual

Sections

CODE
Size: 153KB - Virtual size: 396KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE