b3448ed205235e99a8b5579740437b46_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3448ed205235e99a8b5579740437b46_JaffaCakes118
Size

64KB
MD5

b3448ed205235e99a8b5579740437b46
SHA1

419556dc99be921efc0474f95a53b09c9ad8aafc
SHA256

756874de679319384c9ccbf6dcdb5559f647ba7fbecdf7ed8efb1a01f71dc3c7
SHA512

bd9124ba87b460a59155ce11c8a4e0ca967b9555bd84c5a89b44a758f8de13994605499cf83faf3f5d43f8a56d5f1ae2560c2d750846a97d4cbdcf97ca894968
SSDEEP

768:tuzf7ZXhbdlJqHBOE6ywtBgvvK3etUc33Rs1Eekpehef41Hwyk49sPk4/gwD:tuHrBjqoE6XngXRU6K1Ee0a91QzSwD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3448ed205235e99a8b5579740437b46_JaffaCakes118

Files

b3448ed205235e99a8b5579740437b46_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5c2cd0cda4a803af281907c0066ace07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessShutdownParameters
SetConsoleTextAttribute
GetCurrentProcess
IsSystemResumeAutomatic
ClearCommBreak
WriteConsoleOutputA
RaiseException
GetVolumeInformationA
WriteConsoleOutputAttribute
LocalUnlock
lstrlenA
ConnectNamedPipe
GetEnvironmentVariableA
GetNumberOfConsoleFonts
OpenMutexA
GetThreadLocale
IsBadCodePtr
ResetEvent
LocalAlloc
SetCommState
WriteProcessMemory
SetEvent
GetPriorityClass
VirtualAllocEx
HeapWalk
GetSystemDirectoryA
OpenEventA

wininet

ResumeSuspendedDownload
FtpRemoveDirectoryW
InternetQueryDataAvailable
FtpSetCurrentDirectoryW
InternetGetConnectedStateExA
InternetUnlockRequestFile
FtpSetCurrentDirectoryW
InternetCrackUrlA

Exports

Exports

Mqmefawet
SetNteajdtrgqm
Afhbaovpyu
AddNavukfr
CreateByjgyrfw
IsCpmngic
Cmbdviwf
WriteEvsohyodtf

Sections

.itext
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 52KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ