6607cb0fa3799ac9fe5cc1949bf6dc46_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6607cb0fa3799ac9fe5cc1949bf6dc46_JaffaCakes118
Size

154KB
MD5

6607cb0fa3799ac9fe5cc1949bf6dc46
SHA1

64f034854e49b3d1bd2fc61f502ff2efe0952406
SHA256

3038be9504467aefd6ffc1b274d525756c4154ac32f1cc5b4b3f579227f86b15
SHA512

9b116665502d423e27a8f88c993dd62e539468f0a550b1406d0a3acf1133b6c4178256f2adfaaf9a721105721fb9338b957a75da34117110045001894ba76197
SSDEEP

3072:SUhlQtxZNQdnELeNOhIJXrhI5ytBUvUtQuL3p/jgi:SUhlUydySMIJ7hIct2IQu7p7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6607cb0fa3799ac9fe5cc1949bf6dc46_JaffaCakes118

Files

6607cb0fa3799ac9fe5cc1949bf6dc46_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7965beef1ad678b76dbbced461f61e1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
ExitProcess
FatalAppExitA
FileTimeToSystemTime
GetACP
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapCreate
lstrcmpiA
lstrlenA

msvcrt

setlocale
__p__commode
__p__fmode
_cexit
_except_handler3
wcscpy
wcscmp
wcscat
rand
isdigit
_exit

user32

ExitWindowsEx
MoveWindow
GetDoubleClickTime
CheckRadioButton

oleaut32

SafeArrayDestroy
OleTranslateColor
RegisterTypeLi
VarBstrCat
SysFreeString
SetErrorInfo
OleIconToCursor
SafeArrayAccessData
SafeArrayCreate

shlwapi

ChrCmpIA
SHEnumKeyExA
StrStrIA

Exports

Exports

CreateASUSessionWithURL
GetNextReadyBuffer
GetUpdateName
MIDL_user_free

Sections

.text
Size: 75KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ