ae6868cd66d841458bc7c606042de3b9_JaffaCakes118 | Triage

Sharing

General

Target

ae6868cd66d841458bc7c606042de3b9_JaffaCakes118
Size

49KB
MD5

ae6868cd66d841458bc7c606042de3b9
SHA1

4e514d05874a501ae9022d85daffe305a1a66f6d
SHA256

088ecd55d1bdae2dc20d4d0c0ae304a290aea1e73e50fd6e45b39f840b9a6ce6
SHA512

51dfd948410e4f96b0fc1edee79c966307312aa6eb8c55f904f1ff3bed7e5a282d806a1aa16efa68ae59c5c78b9045d8ddc9388037b505c9044f896175bf5ae3
SSDEEP

768:hOCeT0ZqD48IXNhKv+tjs8C/CaDOBAP5r3cEZ+kNJ7JiaIkHmS1z3YDam1bi:hOR0ZVDvHAO7BA9+krJGkG6Mar

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae6868cd66d841458bc7c606042de3b9_JaffaCakes118

Files

ae6868cd66d841458bc7c606042de3b9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5218bb8041e8662b376a8786058dd79f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

psapi

GetModuleFileNameExA

advapi32

RegCloseKey

winmm

waveInUnprepareHeader

user32

ExitWindowsEx

gdi32

DeleteObject

ole32

CreateStreamOnHGlobal

shlwapi

StrCmpW

shell32

ShellExecuteA

imm32

ImmReleaseContext

msvcrt.dll

malloc

avicap32

capCreateCaptureWindowA

ws2_32

listen

Exports

Exports

gytfredwse
ServiceMain
qwaszxerd

Sections

.erdf
Size: 25KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

edrft
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rtyhgj
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE