72ec3dcd5d1285dc054f05380168375c_JaffaCakes118 | Triage

Sharing

General

Target

72ec3dcd5d1285dc054f05380168375c_JaffaCakes118
Size

43KB
MD5

72ec3dcd5d1285dc054f05380168375c
SHA1

aeaca8e9979c4e3d6c7c7bda60045a2672edefcf
SHA256

c4f85b7560919e64d14f6d4437ec4bbf4d1e58ddfbaee86d60986de927cdceba
SHA512

bc2561ca998e9439ffd0bad94fcb36c50d51b63a21ead05f3c6f8a0139bdb945127afa574347b0fad7ce005bd0dcc687350304f8017bfb6af2662c1cfd5e09b8
SSDEEP

768:lp1FZuJttdcp60f2yKq8/Zuy1W6dUWmTCe/SGgL+/PIIE4gVGPII/:lp3wBdcp60f2Z/ZF1W68TC9xqk50

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72ec3dcd5d1285dc054f05380168375c_JaffaCakes118

Files

72ec3dcd5d1285dc054f05380168375c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d694a0e1bedf37ea9f2065b6a0a09598

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

imm32

ImmReleaseContext

user32

ExitWindowsEx

avicap32

capCreateCaptureWindowA

winmm

waveInUnprepareHeader

msvcrt

strrchr

ole32

CreateStreamOnHGlobal

gdi32

CreateCompatibleBitmap

psapi

GetModuleFileNameExA

advapi32

RegQueryValueExA

shell32

ShellExecuteA

ws2_32

listen

shlwapi

StrCmpW

Exports

Exports

tgyhuji488
DoService
ServiceMain

Sections

.edrf
Size: 24KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fbhmj
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ikeds
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE