d5c99efb7dda6c5a071677eca31586b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5c99efb7dda6c5a071677eca31586b2_JaffaCakes118
Size

173KB
MD5

d5c99efb7dda6c5a071677eca31586b2
SHA1

13e6944ff4725bee83375463b10f4f0d164580e9
SHA256

4fe7a8b749b4cfcf8e467e8b3c83716015a652afaaad9ce3388f5bf0b33beafa
SHA512

2049dadc45cae781ff9d5a877cb886d4062fe172e07b69b2cb59d797790113ab45d472dad35c50d38ce2af3739f67cff0b7a91e6980ea70f274b4d00ec3dadbd
SSDEEP

3072:MzgiChgIEJJv1H/ImeMMuhn0ybAfw6QIzG3o1dCw9NtQoSXZsjetxK8k8PlFq9:MJChgH9H/GUNhsxioz98oEZPtxK8k8Pm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5c99efb7dda6c5a071677eca31586b2_JaffaCakes118

Files

d5c99efb7dda6c5a071677eca31586b2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d3b6d86b97caf2b698db983d590cfc89

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
LoadLibraryA
GetProcAddress
VirtualAlloc
LocalAlloc
GetModuleFileNameA
GetOEMCP
GetProcessHeap
GetCurrentThreadId

user32

DrawMenuBar
GetDesktopWindow
DispatchMessageA
GetWindowTextLengthA
GetSysColorBrush
DestroyMenu
CharUpperA
IsChild
GetTopWindow
GetMenu
DestroyWindow
DestroyIcon
DeleteMenu
DestroyCursor

Exports

Exports

_EBKOvE@16
_pcmU0N
_pYqakHdKT5KU1@24
_AhxhzCH9k440@16

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 183B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 150KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.rdata
.reloc
.rsrc/0/DIALOG/TEXTFILEDLG
.rsrc/0/MANIFEST/1
.xml
.rsrc/0/RCDATA/DVCLAL
.rsrc/0/STRING/4094
.rsrc/0/STRING/4095
.rsrc/1033/BITMAP/BBABORT.bmp
.rsrc/1033/version.txt
.text