59b6000b4be867c18f5eb2a9c89a01f5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

59b6000b4be867c18f5eb2a9c89a01f5_JaffaCakes118
Size

60KB
MD5

59b6000b4be867c18f5eb2a9c89a01f5
SHA1

dd5fcc02471ccda6dca848d30b1405a6dc219133
SHA256

34c7cea68dc0d48b98fa7328c13a33ba3a9b52609d13744945e880b50f495e58
SHA512

839ce980f32f65f3dc58043a75b49b70412ecceb6e91596deb155c2f6c0392506d19bd30ea43cff030648b8cf2d77890981520004ca6045b1ba79ffae83094a5
SSDEEP

1536:YTaM6QkziPnGTSB/1lVsbr8zhRfEAOgnGJm6ig55q59:YTjlkroybozignam6x4/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59b6000b4be867c18f5eb2a9c89a01f5_JaffaCakes118

Files

59b6000b4be867c18f5eb2a9c89a01f5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

187af72e4da7c0bf8c36f5d16ab9523a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dinput

DirectInputCreateEx
DirectInputCreateW
DirectInputCreateA

user32

CloseWindow
SetFocus
SetCursor
CharToOemBuffA

dsound

DirectSoundCaptureCreate
DirectSoundEnumerateW

shell32

SHFileOperationA
SHGetDesktopFolder
SHGetFileInfoA
SHGetMalloc
ShellExecuteExW
ShellExecuteExA
SHGetPathFromIDListA

kernel32

CloseHandle
lstrcpyA
lstrcmpA
lstrcatA
SetUnhandledExceptionFilter
SetLastError
SetCurrentDirectoryA
OpenFileMappingA
LocalAlloc
GetTimeFormatA
GetStartupInfoA
GetModuleHandleA
GetLocalTime
GetLastError
GetDateFormatA
GetCommandLineA
FlushFileBuffers
ExitProcess
EnumResourceTypesA
EnterCriticalSection

Sections

.text
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ