b686a97c29cd1543e5915e526bbd7aa9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b686a97c29cd1543e5915e526bbd7aa9_JaffaCakes118
Size

146KB
MD5

b686a97c29cd1543e5915e526bbd7aa9
SHA1

aa96881e0cc662340b6be322bbc766d4a5b9aa26
SHA256

1c947ddd9be70c801cc388397ebabe4e6a1b05602d32b5dd81136ad7f8efb6ab
SHA512

e78be7d99952b3985fd05ddfa6f34ee90a6ec64f3b90053f316c6354440767c6688666cfe324b0a89162b3f6914a90b016c92cea5f3bea84630ef83dcbd9309b
SSDEEP

3072:W6AUHQu4iBLNHTe+7rjZLYdgcHu4zchxmsTMsibDUXd:Wvu4yLNHzfFMJHpiUciPUX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b686a97c29cd1543e5915e526bbd7aa9_JaffaCakes118

Files

b686a97c29cd1543e5915e526bbd7aa9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

17db30584459669f2211e41d212cb528

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateThread
ExitProcess
FindResourceA
FlushFileBuffers
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetStartupInfoA
GetSystemTimeAsFileTime
GlobalReAlloc
HeapAlloc
HeapCreate
HeapReAlloc
IsBadStringPtrA
LocalFree
MultiByteToWideChar
OpenEventA
RtlUnwind
SetEndOfFile
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
VirtualFree
WideCharToMultiByte
lstrcmpA
lstrcpyA

msvcrt

__p__commode
__set_app_type
exit
strspn
swscanf
vswprintf
__getmainargs

user32

GetCursorPos
GetWindowTextA
SystemParametersInfoA

winmm

mmioAscend
mmioGetInfo
mmioRenameA
mmioSetBuffer
waveOutGetNumDevs
mmioAdvance

Exports

Exports

SetSetupOpen
bpf_image

Sections

.text
Size: 94KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ