a95bb34a48a308c5f91e1b4c980f135d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a95bb34a48a308c5f91e1b4c980f135d_JaffaCakes118
Size

814KB
MD5

a95bb34a48a308c5f91e1b4c980f135d
SHA1

7d4f94ee015c12c97ad9d1857355679ad78e7a11
SHA256

e5ea3ec3c593e9c44d8c047dd81e9823b1d76f752532f23aa2122b02ffeb2ea1
SHA512

394e2051fda24916f803428c16a3ec9e499d981c3e1b9eea949e16fbe37691c004b5211035714644acf0a52af82ebbb6f569a0b0cde5f8a026c5ea184bca43da
SSDEEP

3072:iCmRu8yt4kSKcnZYR1TIU3vGKP6EOljPgkCmRu:iR7ytzg6R1TdOc6ljPDR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a95bb34a48a308c5f91e1b4c980f135d_JaffaCakes118

Files

a95bb34a48a308c5f91e1b4c980f135d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

736a8101aeda7ce3878b939744a37f74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
SetFileApisToANSI
CloseHandle
RestoreLastError
ReadFileScatter
LocalAlloc

ntdll

RtlGetProcessHeaps
RtlDoesFileExists_U

user32

GetWindowRgn

ole32

CLIPFORMAT_UserMarshal

gdi32

CreateHatchBrush
PathToRegion
GetTextCharacterExtra
GetROP2
GetPolyFillMode
GetGraphicsMode
FillRgn
Ellipse
DeleteObject
CreateEllipticRgn
PtVisible
SetArcDirection
SetDCBrushColor
SetGraphicsMode
StrokePath
SetRectRgn
SetLayout
PtInRegion

shlwapi

SHSetThreadRef

shell32

SHIsFileAvailableOffline

winfax

FaxGetDeviceStatusW

Exports

Exports

r92vsg

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ