82ca481b88b546579c76832121d3aeb0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

82ca481b88b546579c76832121d3aeb0_JaffaCakes118
Size

43KB
MD5

82ca481b88b546579c76832121d3aeb0
SHA1

233fd0e802c38f1ef64bd36ef27ed8341bd94fba
SHA256

e8870a639e0c984c10e669d4fedb2e5a72694b68060d927a13cbe9870de4c570
SHA512

1ec6c80eb46ab8ea9553028bca0ab439218f6a0cbf3c0fcee835d1f2412fb82e4c7d0607a22c710f70dbcacd443a1ea53b8b252f409a5d674b8687ff28a891cb
SSDEEP

768:DrugOBx2N+a91MqEakU5q7U2/ilnLwabrhNNcD3P6m:DrugC2SiyqBLplcT7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
82ca481b88b546579c76832121d3aeb0_JaffaCakes118

Files

82ca481b88b546579c76832121d3aeb0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a91a95f1772921196ebdd010b0702ca3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

winmm

waveInUnprepareHeader

shlwapi

StrCmpW

msvcrt

malloc

imm32

ImmReleaseContext

user32

ExitWindowsEx

advapi32

RegCloseKey

gdi32

DeleteObject

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

psapi

GetModuleFileNameExA

avicap32

capCreateCaptureWindowA

ws2_32

listen

Exports

Exports

gytfredwse
ServiceMain
rftgyhujk

Sections

.erdf
Size: 25KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

edrft
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rtyhgj
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE