741d534a2856099900da20fba4e9a2ad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

741d534a2856099900da20fba4e9a2ad_JaffaCakes118
Size

392KB
MD5

741d534a2856099900da20fba4e9a2ad
SHA1

99eaddbd972cf626c3a6d475607f3a69d0105851
SHA256

d781a831bf9f9a7ca0ee1371dfea0a686c987f4f15784d00ef3a56c685002491
SHA512

139b0a66bbcfd99859fc1f050f3c2e639a8020fd2be86072f453ef86e43b45da4d4de205dab8a8b2f2f51409cbcef2e8e79dba7888a89c7045b0004f61ab7607
SSDEEP

6144:p8Q23fSZZ61wnhoU8fY2X2R8S+B2FPlbd8jYxqwFNTzgokVCqUq+zVOq:p8Q2vSZg+hSY2mR8/2FdbdDeokVZUhM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
741d534a2856099900da20fba4e9a2ad_JaffaCakes118

Files

741d534a2856099900da20fba4e9a2ad_JaffaCakes118
.dll windows:4 windows x86 arch:x86

21a6e35c4b204aa60eb7e8a992852cce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeEndPeriod
CloseDriver
timeBeginPeriod

shlwapi

SHDeleteEmptyKeyA
SHDeleteValueA
SHCopyKeyA

user32

wsprintfA

advapi32

RegLoadKeyA

kernel32

HeapFree
GetProcessHeap
HeapAlloc
GetThreadLocale
GetStdHandle
GetCurrentProcessId
GetModuleHandleA
SetFilePointer
CancelIo
GetComputerNameW
GetSystemDirectoryW
GetCurrentDirectoryA
GetDriveTypeW
SetCurrentDirectoryA
lstrlenA
lstrlenW
lstrcmpW
BackupRead
BackupSeek
GetConsoleMode
CloseHandle
CompareStringA
CreateFileMappingA
DeleteFileA

msvcrt

malloc
free
rand

version

GetFileVersionInfoSizeA

ole32

OleUninitialize

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 336KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ