Static task
static1
Behavioral task
behavioral1
Sample
c837935ab9bbf02e612464e4f22931f7_JaffaCakes118.dll
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c837935ab9bbf02e612464e4f22931f7_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
c837935ab9bbf02e612464e4f22931f7_JaffaCakes118
-
Size
28KB
-
MD5
c837935ab9bbf02e612464e4f22931f7
-
SHA1
13d75599e7bcf29981036e3f25ee36a7a176b6b9
-
SHA256
4646dbfc41245b45e1a70cfa82817804d847c3e7c69fecb20bbf9980af0573be
-
SHA512
016529aa0c599f48b72edfcb3b20e7201820c921036cbbe7f15cb309545bb127cca38430a9c3cacd8c8689062d8123b17c0cc81372592c812fd2f9f5c11fc4bd
-
SSDEEP
768:v3Arvf6Bdi+MuFB7tnvRhwx8f3HQhjxDI1gSP08F+6:vwraY2ZrwxDigSP0w+6
Malware Config
Signatures
-
Unsigned PE 1 IoCs
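Flags PE files that carry no Authenticode signature; this sample is unsigned, so its publisher and integrity cannot be verified from the file itself.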
resource c837935ab9bbf02e612464e4f22931f7_JaffaCakes118
Files
-
c837935ab9bbf02e612464e4f22931f7_JaffaCakes118.dll windows:4 windows x86 arch:x86
5fd5231551a64003d5f3aab517e3e9c9
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA
imm32
ImmGetDescriptionA
user32
GetParent
enkeyres
ord4
oleaut32
SysFreeString
advapi32
RegCloseKey
wininet
HttpQueryInfoA
ws2_32
inet_ntoa
ole32
ProgIDFromCLSID
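Sections
Note: the pec1/pec2/.pec section names, the code sections that are both writable and executable, and the gap between pec1's raw size (22KB) and virtual size (112KB) are consistent with a packed binary; the names match the PECompact convention. The import table fits the same pattern: LoadLibraryA, GetProcAddress and VirtualAlloc, plus a single function from most other DLLs. The static import list therefore likely understates what the unpacked code calls, so assess capability from the behavioral tasks or an unpacked image.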
pec1 Size: 22KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pec2 Size: 1KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pec Size: 1KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE