bfd6a638d08a971909d788b59de64eca_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfd6a638d08a971909d788b59de64eca_JaffaCakes118
Size

171KB
MD5

bfd6a638d08a971909d788b59de64eca
SHA1

fd2cbd9ef5b831f51e1a1bd354fdeb4da5db2dc6
SHA256

c3299d453e4f745ea07fce1fc5a25929afe2ea1fb17b1c2970249e445c3512c7
SHA512

b104a521d10aa54725809036079603e4165ed38807d131220f0d203675552e1233b630419fc3db386aa33270329d88b3e60bdec9673cacf8bc486566ab004d82
SSDEEP

3072:WWrbEG5sxnFTFJV0ZVFC0W2trqD3iEW61wKTyWuq9qgjizHdnVY:WWxs7ZJVSHfVkfW6B+E4wwHdV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfd6a638d08a971909d788b59de64eca_JaffaCakes118

Files

bfd6a638d08a971909d788b59de64eca_JaffaCakes118
.dll windows:4 windows x86 arch:x86

619e995284a589bc2dbdd14297d9d6c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FindResourceA
GetACP
GetCommandLineA
GetDriveTypeA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
HeapAlloc
HeapCreate
HeapReAlloc
InterlockedIncrement
MultiByteToWideChar
OpenEventA
RtlUnwind
SetLastError
SetUnhandledExceptionFilter
VirtualQueryEx
lstrlenA

msvcrt

wcscpy
__p__fmode
strspn
__p__commode

user32

DefWindowProcA
SetClassLongA
UpdateWindow
BeginDeferWindowPos
CloseClipboard

oleaut32

SafeArrayDestroy
OleLoadPicturePath
OleLoadPicture
VarBstrCmp
SysStringLen
SysFreeString
SetErrorInfo
SafeArrayAccessData
SafeArrayCreate
SafeArrayAllocData
GetErrorInfo
OleIconToCursor

shlwapi

SHRegGetPathA
StrStrA

Exports

Exports

SurfaceFlipNotify
VersionNumberUCScribe

Sections

.text
Size: 103KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ