638c5de8e59db07bd3d3c8dd20272d15_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

638c5de8e59db07bd3d3c8dd20272d15_JaffaCakes118
Size

144KB
MD5

638c5de8e59db07bd3d3c8dd20272d15
SHA1

84bca03bb83cb5c92ebb599b8b040e82e5c0d200
SHA256

aaa52b91df8830bcc6d1f14131787a412178e590cb702b4873ad62ade4cfe7a7
SHA512

b03876f3f9e7017f8fd1bd8b53d1270e396bc61d8e7ea45b6ebf922b2a91bc6b9ef919c1935b0f3b7eeb547ccf4fcf294db08029e773c687d1e886c3c10734a1
SSDEEP

3072:vzfwwS0NmGDMuI24dLk/0jynPqgQaLDuhY3eslAUlWh1wY6rc+l:vzfK4mGDfB4ebnSwLDuWOAWh1wvX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
638c5de8e59db07bd3d3c8dd20272d15_JaffaCakes118

Files

638c5de8e59db07bd3d3c8dd20272d15_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dea91e8448f038f16c318ee96324ddd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetACP
GetEnvironmentStringsA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemDirectoryA
GetTickCount
HeapAlloc
HeapCreate
HeapSize
LeaveCriticalSection
ReadProcessMemory
TlsFree
lstrcatA
lstrcmpiA
lstrlenA

msvcrt

wcscpy
__p__commode
__set_app_type
exit
free
strspn
wcscat
wcscmp

user32

DestroyWindow
GetDesktopWindow
GetSubMenu
RemoveMenu
DeferWindowPos

oleaut32

ClearCustData
SafeArrayDestroy
OleIconToCursor

shlwapi

SHDeleteEmptyKeyA
PathFileExistsA
PathBuildRootA
SHOpenRegStreamA
SHSetValueA
PathGetCharTypeA
PathGetDriveNumberA
StrChrA

Exports

Exports

OpenComponentLibraryEx

Sections

.text
Size: 75KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ