5e2fc6ae05ac49b180d864edfefadeb8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5e2fc6ae05ac49b180d864edfefadeb8_JaffaCakes118
Size

144KB
MD5

5e2fc6ae05ac49b180d864edfefadeb8
SHA1

e11bfb6dd7c82f5675d95afdd3f50a2ba1febb50
SHA256

bd819775a4c8d900a12ba29538522a6edf1a15d0fd4278794ca24c85e3196050
SHA512

bf961063f4e6a4b39bb0c2eae2d0646919bd6f4e48d14dc0129e48a2c1eb6118870c4ea8c3190d005f38ceca5b7f3ae679d557b844a6b6dde63db0b274baa7f6
SSDEEP

3072:g0TwWlos1jsYQcbhODz6WbUrtpo5/Hbo7RCU+/0ODzhfJ57cVfpEUhIr:n31L2bXV88d9kBnIr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e2fc6ae05ac49b180d864edfefadeb8_JaffaCakes118

Files

5e2fc6ae05ac49b180d864edfefadeb8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

269349836cd1ea268449c676855301d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CompareStringA
ExitProcess
FindResourceA
FreeLibrary
GetACP
GetCommandLineA
GetCurrentProcessId
GetEnvironmentVariableA
GetModuleHandleA
GetOEMCP
GetProcessHeap
GetStartupInfoA
HeapAlloc
HeapCreate
HeapReAlloc
InterlockedExchange
LCMapStringA
MapViewOfFile
MultiByteToWideChar
ResumeThread
RtlUnwind
SetLastError
SetUnhandledExceptionFilter
TlsSetValue
WriteConsoleA
lstrcatA
lstrlenW

msvcrt

__getmainargs
__p__commode
__set_app_type
_stricmp
exit
strspn
time
wcscpy

user32

IntersectRect
LoadCursorA
MapWindowPoints
ReleaseCapture
SetTimer
GetWindowPlacement
GetClassNameA
GetCapture
DefFrameProcA
GetDesktopWindow

ole32

CreateAntiMoniker
CoTaskMemFree
CoCreateInstance
CoCreateGuid

Exports

Exports

VersionNumberUCScribe
W32N_CancelPacketRead

Sections

.text
Size: 93KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ