96583d87e767f140895bceb0d74c624f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

96583d87e767f140895bceb0d74c624f_JaffaCakes118
Size

153KB
MD5

96583d87e767f140895bceb0d74c624f
SHA1

ad7c5ac2dfcfa26ea724b3de19e06b4e2016a2b1
SHA256

eda78a4e5ff6ac5aeb679e4c7ac8c5d3653b2aea0dc0719b80af310b82d5470f
SHA512

7fb1a4abd36ce931f67a0cd724c36356e465e78bb71631096bbb6e7d0dc26a01fce104cffaa3fd7225c3b1331551288dbed6292d59dc49699ed0899d9cad692e
SSDEEP

3072:FbDeQJ6p+zeiNIJeeRM+VkiXqFla2e4ssCc0eZRc2huSx/:FbDeK6HJeyMuJ6TarsCOs2huSx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
96583d87e767f140895bceb0d74c624f_JaffaCakes118

Files

96583d87e767f140895bceb0d74c624f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dea91e8448f038f16c318ee96324ddd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetACP
GetEnvironmentStringsA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemDirectoryA
GetTickCount
HeapAlloc
HeapCreate
HeapSize
LeaveCriticalSection
ReadProcessMemory
TlsFree
lstrcatA
lstrcmpiA
lstrlenA

msvcrt

wcscpy
__p__commode
__set_app_type
exit
free
strspn
wcscat
wcscmp

user32

DestroyWindow
GetDesktopWindow
GetSubMenu
RemoveMenu
DeferWindowPos

oleaut32

ClearCustData
SafeArrayDestroy
OleIconToCursor

shlwapi

SHDeleteEmptyKeyA
PathFileExistsA
PathBuildRootA
SHOpenRegStreamA
SHSetValueA
PathGetCharTypeA
PathGetDriveNumberA
StrChrA

Exports

Exports

D3DMalloc
Direct3D_HALCleanUp
EapcfgNodeFromKey
UpdateFromComponentChange

Sections

.text
Size: 74KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ