b64c8cb8251b1d10d80f0589b8c11fb2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b64c8cb8251b1d10d80f0589b8c11fb2_JaffaCakes118
Size

120KB
MD5

b64c8cb8251b1d10d80f0589b8c11fb2
SHA1

87cda6ab4eeb9c2f4bd8438c7a2a8a0c9e334870
SHA256

8ecd8b411f4769132781acffa9cbf4901864bee435c252c4ac07618ccc53fd4b
SHA512

d043828dc2698f9b38b87d9e94114ef43b995855a379c7e96356c8ec12776dbe9b4b2a5a32e203c7b6f322db01e0fd7560487bbfc3d64b2d1c3ea649fb9f70b9
SSDEEP

3072:cqjWI7O3DNYrPVx87/Eg2DGanA/CUXbtk231rnK:ZWIsKVm7s/ianyCUq2lr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b64c8cb8251b1d10d80f0589b8c11fb2_JaffaCakes118

Files

b64c8cb8251b1d10d80f0589b8c11fb2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9b6ffcc82d261d1067ed2f4b7aaa6dcd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetDiskFreeSpaceA
GetCommandLineW
UnregisterWait
VirtualAllocEx
SetFileTime
GetVersionExA
ReadConsoleA
ExitProcess
GetFileSize
WritePrivateProfileSectionW
ReadFile
SetUnhandledExceptionFilter
WriteFile

user32

BringWindowToTop
LoadBitmapA
RemoveMenu
MenuItemFromPoint
DialogBoxIndirectParamAorW
BroadcastSystemMessageExW
MenuItemFromPoint
ActivateKeyboardLayout
GetWindowTextA
PrivateExtractIconExA
InvalidateRect

msvcrt

memcpy
_snwprintf
toupper

tapi32

lineDrop
lineSetAgentStateEx
lineCreateAgentSessionW
lineConfigDialogEdit

Exports

Exports

Krinopwsjc
Cpcecuc
CloseEdvktocnr
Mfaimgwq
Mslctim
IsMvhyisdaifd
Nwlgjgbe

Sections

.text
Size: 108KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 516B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ