947e84b34633dcb29a6afbd4f1a58980_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

947e84b34633dcb29a6afbd4f1a58980_JaffaCakes118
Size

173KB
MD5

947e84b34633dcb29a6afbd4f1a58980
SHA1

cf89b972f37d4f342d1334c55f682a501b6bc688
SHA256

75cb3e58c53d0e4d59199c2a61aefde539ca751da806243cce32415f150ea53f
SHA512

20976c79db91c4672e894fd76fc71124b904e39f103e9586e22f1ace91b009ce8c01cb052c57f07d34d920e183ca64f72c7c3a6c4ad33087bae26242e2647aa5
SSDEEP

3072:FWYyfar7kwJSMB+y3JdHzgTA19y/xgYNDBlgkQ2EzbmgZBJpLSB1:ww3dQQdHzgTA19yZgSB+jjhZnp2B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
947e84b34633dcb29a6afbd4f1a58980_JaffaCakes118

Files

947e84b34633dcb29a6afbd4f1a58980_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6e92aaab02a4382b50e02ac7b17b790b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
FreeLibrary
GetProcAddress
EnumCalendarInfoA
LoadLibraryA
WideCharToMultiByte
DeleteFileA
GetFileAttributesA
GetTempPathA
GetTempPathW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
LockFile
LockFileEx
UnlockFile

oleaut32

SafeArrayDestroyDescriptor
CreateErrorInfo
VarFormatNumber
GetErrorInfo
SetErrorInfo
GetActiveObject
VariantInit
SysFreeString

gdiplus

GdiplusShutdown
GdiplusStartup

Exports

Exports

AlphaBlend
GradientFill
TransparentBlt

Sections

.text
Size: 122KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ