8ab7fc13d905972b2766611454c86c86_JaffaCakes118 | Triage

Sharing

General

Target

8ab7fc13d905972b2766611454c86c86_JaffaCakes118
Size

150KB
MD5

8ab7fc13d905972b2766611454c86c86
SHA1

59c3afd2a328ed33fed3f0ccac7c041c1a671f57
SHA256

9cf81daf51bf158ecea848ff2e6232f956098000f8f602f514d5f16fe181143a
SHA512

44cb5003d47db672f6d6fb1fb41f0a2dc29ad29991331dd348744f4f78790ffb5fda3836d6d9576d502198225e0fdb6bdde8f13930a8f3404c90349bc7ab2177
SSDEEP

3072:TTWDGeQbILS00wgTQhkLGhBvgwWFdyR5vt2mG6:TTqjL4ijB+mT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ab7fc13d905972b2766611454c86c86_JaffaCakes118

Files

8ab7fc13d905972b2766611454c86c86_JaffaCakes118
.dll windows:4 windows x86 arch:x86

44dbb63847183a3f7c379297d8d7ddf2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW
CommDlgExtendedError

kernel32

GetModuleHandleW
FindClose
FindNextFileA
GetStringTypeW
FindFirstFileA
EnumResourceLanguagesA
WideCharToMultiByte
ReadFile
WriteFile
SetFilePointer
GlobalHandle
IsDBCSLeadByte
GetModuleHandleA
VirtualProtect
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcessHeap
GetModuleHandleW
CreateProcessA
GetTempFileNameA
HeapFree
HeapAlloc
LoadLibraryW
InterlockedExchange
Sleep

oleaut32

DispGetIDsOfNames
CreateErrorInfo
OleCreateFontIndirect
GetErrorInfo
SetErrorInfo
GetActiveObject
VariantInit
SysFreeString

Exports

Exports

AlphaBlend
GradientFill
TransparentBlt

Sections

.text
Size: 97KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ