8d9c17777fa39d420b397af36f313ef8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d9c17777fa39d420b397af36f313ef8_JaffaCakes118
Size

242KB
MD5

8d9c17777fa39d420b397af36f313ef8
SHA1

82466e47204bc2626422627036b220e027aaa434
SHA256

bfeedd284db2193e9c50f2b6d7f5dee9569c87da089953e7d4c95edf4638b6ee
SHA512

6ac925be10548afe1313ea64e1e981df65d735f4fbcff487186fba613c73b32800368bdb0461ebd8059464df33e44d9b5ef5c0e4c0fe06b1fa97cdc7c005c570
SSDEEP

6144:11mZMbHVjwVYjUwDUaIrf+YPyzIcgyPxUerJyBK:7mZMAYjUwwak2YPGaUy4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d9c17777fa39d420b397af36f313ef8_JaffaCakes118

Files

8d9c17777fa39d420b397af36f313ef8_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dfc8879900634e83eadbb9fd144e35fb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathRemoveFileSpecW

kernel32

GetSystemDefaultLangID
HeapFree
GetProcessHeap
LZCreateFileW
InterlockedIncrement
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
GetCommandLineW
SetErrorMode
GetDriveTypeW
GetModuleFileNameW
InterlockedDecrement
LocalFree
OutputDebugStringW
GetSystemTimeAsFileTime
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
InterlockedCompareExchange
InterlockedExchange

user32

PostQuitMessage
GetMessageW
TranslateMessage
DispatchMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

oleaut32

DispGetIDsOfNames
OleLoadPicture
QueryPathOfRegTypeLib
GetErrorInfo
SetErrorInfo
VariantClear
SysReAllocStringLen

Sections

.text
Size: 124KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ