ce472f6a423702d4810517f6239a61cd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ce472f6a423702d4810517f6239a61cd_JaffaCakes118
Size

63KB
MD5

ce472f6a423702d4810517f6239a61cd
SHA1

c9ca61203d7f274be4d929ae190cc60fcba19198
SHA256

f98c3b8645c55e129e891cf714cf7010aad2aa195c8ef4b8adc7b689201b9350
SHA512

5bb7b6f776de47aab022af65801655289225c5f48d7881a39f73b516189a84132304881f85af3799c4fcb57ca8eba461b5f0255d59678dcdbc7eaedd101e68c9
SSDEEP

1536:ZcIBgEKzzfG9X7rnmCAysK+eoeYYzxAAFsqbDBkZ:ZcIBgEKzK9rrmusqLzWAyqfBkZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ce472f6a423702d4810517f6239a61cd_JaffaCakes118

Files

ce472f6a423702d4810517f6239a61cd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8cae65b42ea36884a9e38532ea1a70b5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

SetDIBColorTable

wsock32

WSACleanup

ws2_32

inet_addr

winmm

waveInUnprepareHeader

msacm32

acmStreamUnprepareHeader

shell32

ShellExecuteA

wininet

InternetReadFile

urlmon

URLDownloadToFileA

avicap32

capGetDriverDescriptionA

msvfw32

ICCompressorFree

imm32

ImmReleaseContext

Exports

Exports

MainService
MainWork
ServiceMain

Sections

CODE
Size: 54KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE