cf58e8ad7d30d8f91c39851205bc5e03_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf58e8ad7d30d8f91c39851205bc5e03_JaffaCakes118
Size

31KB
MD5

cf58e8ad7d30d8f91c39851205bc5e03
SHA1

8a0c8988cb979d7c9077e062c88f19db783cce73
SHA256

324a2a449161d1dc13c42da506619f3e5cb8cdb084e28e5ed90c402415a70021
SHA512

099cd8746291c4d2087f250216648d126f9a73dbac3b84105700be48f5c826985a08634636f4a1446cce7446314e6c2ae2ce2f2f199b4048e335690bcacb4197
SSDEEP

384:YuhmR589HEB/QRTXKbizuBBQARQkXAPkAWmu:x8S9HxKGyBBQARQkXEkAWm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf58e8ad7d30d8f91c39851205bc5e03_JaffaCakes118

Files

cf58e8ad7d30d8f91c39851205bc5e03_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c7e1525e406f1a7abd28f075f5874e6d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetWindowsDirectoryA
Sleep
CreateFileA
lstrcatA
ReadFile
GetModuleFileNameA
GetCurrentDirectoryA
ExitProcess
IsBadReadPtr
GetPrivateProfileStringA
CreateThread
VirtualAlloc
lstrlenA
VirtualProtect
CloseHandle

user32

KillTimer
SetTimer
wsprintfA

shlwapi

StrStrIA

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

_purecall
_strupr
atoi
fopen
fputs
fclose
fread
__CxxFrameHandler
strrchr
_strlwr
strncat
strstr
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

abgdtdtCharacterPlacement
fgfgerrrdBreak
n45fgfgMTextOut
n46hghseGDIWidthCache
nbgmjkotTextExtentExPoint
nbgtdtTextOut
nvbgtitControl

Sections

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shard
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ