bece18bbd94a751f0575fd83f2ddba5e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bece18bbd94a751f0575fd83f2ddba5e_JaffaCakes118
Size

152KB
MD5

bece18bbd94a751f0575fd83f2ddba5e
SHA1

74116522643f88bcd28d80b27ecbcf1f26f8ac01
SHA256

ef2cf42babcae1de28a9ada2aa61d903e602a898558732ab9a9c11370aed6fe3
SHA512

81a77cb1fe792cc05a0be354e6ec0893201231b90fb0a931aa22470195268c13efe7543779ffecd1030c98087488b20446310e5709c47205233b1216e5dc6a6f
SSDEEP

3072:WPmDZSetlLLLGqnrL0QDFu7dkTRMNpP8IZ9tKe7zeLmIaFc4:dDZbtpuQDFWkTRMNR8IZjK00gc4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bece18bbd94a751f0575fd83f2ddba5e_JaffaCakes118

Files

bece18bbd94a751f0575fd83f2ddba5e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

316f9ac0953e22e3de3dfa75e0763489

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStartupInfoA
VirtualAlloc
GetProcAddress
GetTickCount
IsDBCSLeadByte
InterlockedDecrement
LoadLibraryA
Sleep
QueryPerformanceFrequency
IsBadStringPtrA
IsBadReadPtr
IsBadCodePtr
IsBadWritePtr
VirtualProtect

user32

IsIconic
IsZoomed
GetTopWindow
GetWindow
GetDlgItem
IsClipboardFormatAvailable
IsWindowVisible
GetParent
GetDesktopWindow
BlockInput
GetWindowRect
GetWindowContextHelpId
IsCharAlphaA

advapi32

IsValidAcl
IsValidSid
AreAnyAccessesGranted
InitializeSecurityDescriptor
GetUserNameA

msvcrt

rand
memmove
_ultoa
_ltoa
_adjust_fdiv
malloc
_initterm
time
localeconv
_pctype
_isctype
__mb_cur_max
_errno
__doserrno
div
_itoa
free

gdi32

GetStretchBltMode
GdiFlush
GetPixel

ole32

CoFileTimeNow

shell32

ord680
DuplicateIcon
ord66

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ