a44c679f4329ce75349a099e368733c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a44c679f4329ce75349a099e368733c3_JaffaCakes118
Size

41KB
MD5

a44c679f4329ce75349a099e368733c3
SHA1

632369b6f91af2421612467a64e9c707a43463bc
SHA256

ca209fd2c2114a0f1c739ea1135d37759e0e9d77702331d5c142626cb6938de7
SHA512

9828a9ea9775e7daee0a90a3596b10f56ee1472d7cd1c662cad3ba9bf6f594995fdbc61d0b1daf5e4c32c6a2933f25a9ba76f8dfa43db77037e0973acb4be5af
SSDEEP

768:m7W0ZlpHx4IY03IPS3WZya7GWFSoG3xHs7XojObsFpLi9b1aI:mHfvYGCyYGWFSvKwLLiF4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a44c679f4329ce75349a099e368733c3_JaffaCakes118

Files

a44c679f4329ce75349a099e368733c3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

711c9838f9d47263b2ccfaa00fcc6aa5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetProfileSectionA
HeapLock
LoadLibraryA
ReadConsoleOutputA
ChangeTimerQueueTimer
GetLastError
ReplaceFile
GetSystemInfo
GetCurrentProcessId
GetCommModemStatus
VirtualFree
ExitThread
GetFileAttributesExA
GetExpandedNameA

user32

EnableMenuItem
CreateWindowStationA
GetWinStationInfo
GetNextDlgTabItem
CharUpperBuffW
DrawAnimatedRects
PostThreadMessageW
GetGUIThreadInfo
PostThreadMessageA
GetClassNameA
CallMsgFilter
GetDlgItemTextA
GetClipboardViewer
HiliteMenuItem

Exports

Exports

Cpcturksq
IsLfxkcet
EndLegpxkfnnje
CloseXipddli
BeginEhfyohgpcuq
CloseNwjvgvjls
IsOpmtmynx
IsYwtkwwj
Fuyhrrc
Syjqmqktisb
BeginJyhesygqp
Sbblkcemmp
Spoxlkoavw
EndIetejflm
Xhpefsmck
OpenBrbrfoycdg
Xhvoxvyhaol
Glysfexd
CloseInqenlh
Xmfcuqbofhc

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ