ad3d9c1a9df864cd7f38dfd5d4202238_JaffaCakes118 | Triage

Sharing

General

Target

ad3d9c1a9df864cd7f38dfd5d4202238_JaffaCakes118
Size

1.1MB
MD5

ad3d9c1a9df864cd7f38dfd5d4202238
SHA1

54297130b4ab80af956cd9ab5d45669cb00ebd1f
SHA256

8da42e854bb30c3dbdf249d6ab0d4e8988538b3fce0968631611aa612737c21f
SHA512

bb6fa1f178e709f9852e519c6a810578f2c61ebedf2c84b5bbe0bd46dff4a46a251f4b540126fb9ca0adfdf4b5b64a0f1d81ed3c08fe8b2e1a48bc1ac804408e
SSDEEP

24576:qUZWdskTaw7q4z/xrg0Y1NKAVmLp3adgxi0b+wjl170VlN:zZNkTTz/e14AVmNad0PwVlN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad3d9c1a9df864cd7f38dfd5d4202238_JaffaCakes118

Files

ad3d9c1a9df864cd7f38dfd5d4202238_JaffaCakes118
.dll windows:5 windows x86 arch:x86

42eed30b7d81d808fd978e9750763d25

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA

gdi32

CreateDCA

gdiplus

GdipCloneImage

msvcp60

??0_Lockit@std@@QAE@XZ

msvcrt

strrchr

netapi32

Netbios

user32

GetWindowTextA

wininet

InternetOpenUrlA

ws2_32

inet_ntoa

psapi

GetMappedFileNameW

advapi32

RegQueryValueExA

Exports

Exports

COMResModuleInstance
DriverProc
KsCreateAllocator
KsCreatePin
kScREATEtOPOLOGYnODE
ServerMain
modMessage
modmCallback

Sections

.text
Size: 22KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ