632b811570c3d5abf5b34eb2f3744164_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

632b811570c3d5abf5b34eb2f3744164_JaffaCakes118
Size

173KB
MD5

632b811570c3d5abf5b34eb2f3744164
SHA1

cd47dd0c3ceee8c6b8bcb2d0bbe1c759dc262e22
SHA256

1a9de8ca672ad0063c07461c842d21cbd34d3664e76e0cdafb4dd35091eb4d0b
SHA512

df9f97e165fa7690e57bd1cf6c1bd0ec57cfa570c4b07bc719045f45e9ed09ba98c71bb13d59cab860db9f6c35f9dfa58008007f79fc2f6f9366aa6ebc2c1bbd
SSDEEP

3072:3GsVYf7tsdsLXRyzIxo1sXSecV+/gaOaXhN30/anqwHdG8:hVSJLByGc0gaJNESq4dG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
632b811570c3d5abf5b34eb2f3744164_JaffaCakes118

Files

632b811570c3d5abf5b34eb2f3744164_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c653a5888988a3cb6acc22ee053887bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
ExitThread
GetACP
GetCommandLineA
GetLocaleInfoA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
LocalAlloc
MultiByteToWideChar
RtlUnwind
SetLastError
SetThreadAffinityMask
SetUnhandledExceptionFilter
Sleep
TerminateThread
UnhandledExceptionFilter
lstrlenW

user32

PostMessageA
IntersectRect
GetDC

ole32

CreateAntiMoniker
CoCreateInstance
CoCreateGuid
CLSIDFromString

winmm

joyGetDevCapsA
joyGetDevCapsW
joyGetPos
timeBeginPeriod
waveOutGetNumDevs
joyConfigChanged

Exports

Exports

DowngradeAPL
ExtTextOutComplex
FC_GetFunctionList
FlushWZCDbLog
ISelectionBoundsRaw
OpenComponentLibraryOnStreamEx
SetStreamFrameRate

Sections

.text
Size: 105KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ