d2482a0c05932e60f20c4390b07236ba_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2482a0c05932e60f20c4390b07236ba_JaffaCakes118
Size

46KB
MD5

d2482a0c05932e60f20c4390b07236ba
SHA1

2db86560b79b07a8e5e27ed5d6f9d482794d6a20
SHA256

fc4998c3b0401ec166c57a2227e8477ced65c95726682e75ecc3aa57e750c3f3
SHA512

1b6202430af035170742298add1496a9e0b0967d3697390f4687b99e078f99491629fd094db10ff939e7411077414cf6a673a075c9a289c0a615b79f36897b09
SSDEEP

768:M8xsBYHM7wU6/kb7sg2Jz+qsXoGNYMrnPvmcWRqJbOE81rp3F8uWmsqm:MCsfWkvr2JbSNYM5ocOE8Vp3F8efm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2482a0c05932e60f20c4390b07236ba_JaffaCakes118

Files

d2482a0c05932e60f20c4390b07236ba_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b24aea8412ff320b9506c04382261d9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

IsWindow

gdi32

DeleteDC

advapi32

IsValidSid

shell32

SHGetFileInfoA

wininet

InternetCloseHandle

shlwapi

SHDeleteKeyA

msvcrt

_beginthreadex

winmm

waveInOpen

ws2_32

WSAStartup

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

imm32

ImmReleaseContext

avicap32

capGetDriverDescriptionA

msvfw32

ICSeqCompressFrame

psapi

GetModuleFileNameExA

wtsapi32

WTSFreeMemory

Exports

Exports

ServiceMain
ServicemixX
cervicemixX
svchostdkx

Sections

.text
Size: 39KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE