c921169904c8ad4a5e5fef91a79f7709_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c921169904c8ad4a5e5fef91a79f7709_JaffaCakes118
Size

68KB
MD5

c921169904c8ad4a5e5fef91a79f7709
SHA1

a249f54fc665416f304cdbdcfb0e17538ed40cf5
SHA256

bf142c773a42ba65d83102a1f4eb05d83953f09a3db2e4070449368cf2c719a2
SHA512

d43e27e68800207e4c708279f5e4a1f013d9626666aeaa9dea8704e73a89b355458120182dd810e1705c9b8a4dfd3e69e566b0ae4e4b285be0f734d95c0e3db8
SSDEEP

1536:IgJ81Jt5/A0rNDTnFZlOB+eDU9sQKozNQWi1n6:s74al1OB+eDkvVQn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c921169904c8ad4a5e5fef91a79f7709_JaffaCakes118

Files

c921169904c8ad4a5e5fef91a79f7709_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3f3e6c48cea14071eec54163dd88277e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenW
lstrcmpiW
DeleteCriticalSection
InterlockedDecrement
CompareStringW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
Sleep
GetModuleHandleW
FormatMessageW
GlobalFree
GlobalAlloc
GetCommandLineA
VirtualProtect
TerminateProcess

user32

ChildWindowFromPoint
SendMessageW

advapi32

RegEnumKeyExW
RegSetValueExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

ole32

CoTaskMemFree
StringFromCLSID

msvcr71

free
__CppXcptFilter
wcslen
wcscmp
_initterm
_adjust_fdiv
_except_handler3
malloc
__dllonexit
_onexit

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ