88fd2a697f2e9bce99584021ed94f5db_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

88fd2a697f2e9bce99584021ed94f5db_JaffaCakes118
Size

124KB
MD5

88fd2a697f2e9bce99584021ed94f5db
SHA1

cfdd1bb94e49f23ce50d1e79a145e7fd92c1fcd4
SHA256

e89d4bd03969a79c35d46e9d9a9f5d16fd4efc73125ccd509606967944ef92d3
SHA512

f839dfb343ac8d5f7606ddd3361f3eb2aee6391f36063d1695f35b9e949ec5642e8d6ed284c81b150e9887a1a3e249e56b419a2f045ce15bc770bb205a78b8ab
SSDEEP

3072:YI0JWkFMXQriYVLgbaBFPSWlr47XHKC5xYe:YIpMDiYlPKWO73BxY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
88fd2a697f2e9bce99584021ed94f5db_JaffaCakes118

Files

88fd2a697f2e9bce99584021ed94f5db_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ab7a86c8b676099ebf0f13d8f3ea38e7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
GetProcAddress
FreeResource
FindAtomA
VirtualAlloc
LockResource
GetModuleHandleA
AddAtomA
FindResourceA
SizeofResource
LoadResource

user32

wsprintfA
ValidateRect
WindowFromDC
WindowFromPoint
wvsprintfA
WaitForInputIdle
UnregisterClassA
UnregisterHotKey
VkKeyScanExA

advapi32

CryptSignHashA
CryptGenKey
RegDeleteValueA
CryptGenRandom
CryptDecrypt
RegCreateKeyA
CryptHashSessionKey
CryptGetKeyParam
RegQueryInfoKeyA
CryptVerifySignatureA
RegSetValueA

Exports

Exports

bqmhclklof
sbidhqdko

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1021B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 430B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ