59ad8affcd1068c424dd40bdb44be2f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

59ad8affcd1068c424dd40bdb44be2f7_JaffaCakes118
Size

167KB
MD5

59ad8affcd1068c424dd40bdb44be2f7
SHA1

e177105a04318f06d20bb317688936a6e13ac1f8
SHA256

1490776f063c4fdd3d3e3bcf7522d42b02ace602fa9b70c860e11b573e18b70f
SHA512

46197ff8f90c50c1b19d484248b8cb55e5eed02c9bbd6170a22c1e593b90f2c2591746bda89f73d24a4d708798108fdb6b72217a6e77f2e4f8d3e87dae5518fa
SSDEEP

3072:elTrglu1wGGlZXREzgv76qDsYfGcNsgcJntOzLMqwPcWyDkcJrYXegJj:OTr4GGlZhqW76YjGcNoJnQzL1wUnDTYN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59ad8affcd1068c424dd40bdb44be2f7_JaffaCakes118

Files

59ad8affcd1068c424dd40bdb44be2f7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fd30dd2b7712a5ac86e5fb27097b54e8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FindFirstFileA
FindResourceA
GetACP
GetCommandLineA
GetCurrentProcessId
GetModuleHandleA
GetOEMCP
GetStartupInfoA
HeapAlloc
HeapCreate
IsBadStringPtrA
LoadLibraryA
MultiByteToWideChar
RtlUnwind
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
lstrcmpiA

msvcrt

wcscat
__p__commode
_wcsicmp
fwprintf
wcscmp
strspn

user32

LoadIconA
PostMessageA
CloseClipboard

oleaut32

VarBstrCat
SysStringLen
SetErrorInfo
SafeArrayDestroy
SafeArrayAllocData
SafeArrayAccessData
OleTranslateColor
OleLoadPicturePath
OleIconToCursor
GetErrorInfo
ClearCustData

shlwapi

ChrCmpIA
PathBuildRootA
PathCombineA
PathFindOnPathA
PathGetCharTypeA
PathGetDriveNumberA
SHDeleteEmptyKeyA
SHDeleteValueA
SHOpenRegStreamA

Exports

Exports

GetCaptureDeviceFormat
UpdateFromAppChange

Sections

.text
Size: 100KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ