a7ba66e3312cfa92b4125396ec15158d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a7ba66e3312cfa92b4125396ec15158d_JaffaCakes118
Size

28KB
MD5

a7ba66e3312cfa92b4125396ec15158d
SHA1

303c6536b01f83cfebe09482e22c8479d6cb8ff4
SHA256

8d26298def22d16c7177cc7593b6abdc9c3eac73dd161aaa1f1b848ca6b3d79e
SHA512

1ae664e5ef1ef068766133ac99c1a86a021e980e4002781d8d5439f3f3535901c48ecc9f8a863438fb70042e54a0d9abed09bc17c50a63b5f77986f1844f1b9a
SSDEEP

384:xkIIa0yDA/5sIiM+Pirp4e46p9+oTyXDnu:qIjK/GXPirp4eT9+oTQDu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7ba66e3312cfa92b4125396ec15158d_JaffaCakes118

Files

a7ba66e3312cfa92b4125396ec15158d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

67500916fc2dcbd9e2d88083fddee2ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
DebugBreak
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
LeaveCriticalSection
VirtualQuery
LoadLibraryExA
GetSystemDirectoryA
GetProcAddress
lstrcatA
GetModuleFileNameA
GetFileAttributesA
GetDriveTypeA
lstrcpynA
VirtualProtect
GetModuleHandleA
lstrcmpiA
IsBadReadPtr
GetVersionExA
lstrlenA
EnterCriticalSection
lstrcpyA

advapi32

RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA

Exports

Exports

AlphaBlend
DllInitialize
GradientFill
TransparentBlt
vSetDdrawflag

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 626B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ