6f9384c7a540eb10e39fdac6e88fd30f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f9384c7a540eb10e39fdac6e88fd30f_JaffaCakes118
Size

49KB
MD5

6f9384c7a540eb10e39fdac6e88fd30f
SHA1

602dc8db4a304f242dbadefcfcc17c9c4daafc64
SHA256

e1d45dd2dec6a00c90e7377397b7ba7dc3d60069e9e823413095ebe42e25bf5a
SHA512

5a14893b73ff04dcdc63fbcc88cd567553903644dc3657b9b4daa396a34ce56e2fc229ff0c2a91b1f6cef5351962163ce08c20a25fe5ac35f883e167d5960bc4
SSDEEP

1536:7OLzexlx9XbDcfgMZpfZVF3X9ctYg8god:7mWtDGgMDZGtYg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f9384c7a540eb10e39fdac6e88fd30f_JaffaCakes118

Files

6f9384c7a540eb10e39fdac6e88fd30f_JaffaCakes118
.dll windows:8 windows x86 arch:x86

41e0729d138dc14cd1d063fac9b5b811

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ConnectNamedPipe
SetNamedPipeHandleState
IsProcessorFeaturePresent
SetFilePointer
GetFileAttributesExA
MapViewOfFile
MapViewOfFileEx
ReadFile
ExitProcess
RegisterWaitForInputIdle
WaitForMultipleObjects
VirtualQueryEx
ReadFileScatter
GetThreadLocale
WriteFile
OpenThread
UnmapViewOfFile
CreateFileMappingA
SetThreadIdealProcessor
CreateFileA

dfshbdhe

IsLFNDriveA
ImmUnregisterWordA
ILFindLastID
RestartDialogEx
ImmNotifyIME
Options_RunDLLA
IsLFNDrive
_wcsupr
ImmGetContext
CtfImmTIMActivate
ImmLockIMCC
ImmGetAppCompatFlags
DAD_AutoScroll
isalpha
isupper
ImmGetDescriptionA
DllGetVersion
ImmInstallIMEA

Exports

Exports

CreateProcessNotify
SndVlist

Sections

.text
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ