64e47ea6c67a67814a4a0a78e0d1a1a3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

64e47ea6c67a67814a4a0a78e0d1a1a3_JaffaCakes118
Size

46KB
MD5

64e47ea6c67a67814a4a0a78e0d1a1a3
SHA1

2ae03c041d6976b37d12731b26c10fb21b9cba68
SHA256

f3972d1a6e11ab0f4189d91216b36f676aff72f1d84925a64f27ccae7bff889c
SHA512

febe7adeecfd1a2ef88f21ca469d6e4936dbecc429d0518ef1e31f8f2a425fe8be24c5abc7e7fb0e856cd165a015b935a417c6090cfc535b5731cdbb5bdb0515
SSDEEP

768:gdprBbCWfuHPm9aTjQjtYs+3+BvGF7aZh8XSKKBJrmVe3:gd1BmWmHu9aY2+Bvln

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64e47ea6c67a67814a4a0a78e0d1a1a3_JaffaCakes118

Files

64e47ea6c67a67814a4a0a78e0d1a1a3_JaffaCakes118
.dll windows:9 windows x86 arch:x86

6f5b6d361090a9773019408e2d8c2812

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

infohelp

ImmSystemHandler
_alldvrm
wcscmp
ImmGetProperty
IsLFNDriveA
PathResolve
ILIsParent
CtfImmIsTextFrameServiceDisabled
wcscat
wcscspn
vDbgPrintExWithPrefix
ImmUnregisterWordA
RealDriveType
_ui64tow
ImmGetHotKey
abs
iswctype
CtfImmGenerateMessage
strspn
strpbrk
ImmWINNLSGetEnableStatus
ImmPenAuxInput
_tolower
ImmFreeLayout
iswlower
ImmDisableTextFrameService
RealShellExecuteExA
wcslen

kernel32

CreateEventA
SwitchToThread
ExitProcess
SetProcessAffinityMask
SetThreadAffinityMask
GetProcessAffinityMask

Exports

Exports

CreateProcessNotify
DllGetVersion

Sections

.text
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ