b66005f45435302e2b62d72054f6cdb9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b66005f45435302e2b62d72054f6cdb9_JaffaCakes118
Size

161KB
MD5

b66005f45435302e2b62d72054f6cdb9
SHA1

f42e41db8d516ee8c199c61311e409d3798165e7
SHA256

0bcde4757b25537ef264412de478de615542ede65a182f0d8b70c6801e96c16b
SHA512

dbb1d1a1a588defd1488d075fe5decf09022d1e42ae7a2e36d6493e89ae03a6c4d08bbf108ffb5bed86487a1132ce1623994c9226194cc0c3bbe93369f1f9706
SSDEEP

3072:/pRogmZ8jnkPJngXP3cU1Ox+C3OT5AB0jit9Z99Csw0xrPsnw:/HogmZ8jni+B4+C65AB0jit9V3a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b66005f45435302e2b62d72054f6cdb9_JaffaCakes118

Files

b66005f45435302e2b62d72054f6cdb9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

92553d91778e2a8cae602512a2cf80db

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
ExitProcess
FindResourceA
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetProcessHeap
GetStartupInfoA
GetSystemInfo
GlobalLock
HeapAlloc
HeapCreate
InitializeCriticalSection
InterlockedDecrement
LoadResource
MultiByteToWideChar
RtlUnwind
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TlsGetValue
WriteConsoleW
lstrcmpA

msvcrt

_exit
time
wcscmp
fprintf

user32

RegisterClassA
EndDialog
LoadMenuA
DrawFrameControl
DefFrameProcA
DefDlgProcA
InvalidateRgn
GetMenuCheckMarkDimensions
FrameRect
DrawIconEx
EnumChildWindows

oleaut32

VarBstrCmp
SafeArrayAllocDescriptor
SafeArrayDestroy
SysReAllocString
SafeArrayAccessData

shlwapi

PathGetDriveNumberA
SHEnumKeyExA
PathAppendA

Exports

Exports

GetCaptureDeviceFormat
UpdateFromAppChange

Sections

.text
Size: 102KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ