be5340441baa95286ea5cbe12c833636_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

be5340441baa95286ea5cbe12c833636_JaffaCakes118
Size

210KB
MD5

be5340441baa95286ea5cbe12c833636
SHA1

28112c6d39ee50abb724024dcac8e2dd5aa6abdd
SHA256

87eacc2125d4ca7f8e5bbe05c17520a9178acbf317534568d12d82a016c1e262
SHA512

b409583f49b5953467fd6fb1bbcb4de71b38a05991b54976183eb2a8ff71bf47a09489bc495260e0e1c4206ecb2ecbb5fc8b3d264592dec7480a270bf0e13200
SSDEEP

6144:OHW89dVyLyqBlLvc7Dx0CuyOn8jv1H/5cyU2dj2lD:qqvLcxSn8jvJ36

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be5340441baa95286ea5cbe12c833636_JaffaCakes118

Files

be5340441baa95286ea5cbe12c833636_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5d096793814234c07f810d5f661fc1e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
FreeResource
LockResource
LoadResource
FindResourceW
SizeofResource
lstrcpyA
QueryDosDeviceW
GetLocalTime
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
lstrcmpW
CreateFileW
GetVolumeInformationA
SetLastError
DeviceIoControl
CloseHandle
GlobalMemoryStatus
SystemTimeToFileTime
GetLastError
GetProcessHeap
HeapAlloc
HeapFree

user32

CharNextW
wsprintfA
wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExA
RegCloseKey
CryptGenRandom
CryptAcquireContextA

mfc42

ord825

msvcrt

?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ

Exports

Exports

PIDGenA
PIDGenSimpA
PIDGenSimpW
PIDGenW

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ