dc92409d8eb97a98d0e4e12e6a0abd16_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dc92409d8eb97a98d0e4e12e6a0abd16_JaffaCakes118
Size

767KB
MD5

dc92409d8eb97a98d0e4e12e6a0abd16
SHA1

e1f8e1ee5d7c7151eebdda68af1ff67dceec4348
SHA256

eaa04fc97055f211122825a4ee145906cfc1e611c3ef68ca9f1ce52f9f231d8b
SHA512

27c07d5bd2aba6f44e33725e3b5ae306b39a8f7de299443927758e7de501c84e2d7e5b34d00caae8c1a29263ed0018ac6ebfab0b20dd3b6881cffd076c516c86
SSDEEP

3072:kl2lfK67F/Ada3FYrJ28pRNdSYUDKsypfaFM5FpUJ60OnCdrow7hwzl0AGji:m2dKq/AdgV2gh2h5aFyFOJ9h/7hwzqi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc92409d8eb97a98d0e4e12e6a0abd16_JaffaCakes118

Files

dc92409d8eb97a98d0e4e12e6a0abd16_JaffaCakes118
.dll windows:4 windows x86 arch:x86

78950a357536ccc4c5d7f51f63b4338b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsDBCSLeadByte
LoadLibraryA
GetProcAddress
GetVersion
Sleep
VirtualAlloc
VirtualProtect
VirtualQuery
IsDebuggerPresent
SetLastError
IsBadStringPtrA
GetComputerNameA
IsBadWritePtr
MulDiv
IsBadReadPtr

user32

IsChild
GetDesktopWindow
GetParent
IsWindowUnicode
GetWindowRect
GetClientRect
GetForegroundWindow
GetIconInfo
CopyIcon
GetDlgItem
IsMenu
SetLastErrorEx
BlockInput
InSendMessage
GetTopWindow
GetAncestor
IsIconic

advapi32

IsValidAcl
InitializeSecurityDescriptor

msvcrt

__doserrno
div
localeconv
_adjust_fdiv
malloc
_initterm
free
memmove
_memicmp
_set_error_mode
rand
time
frexp
ldexp
modf
_pctype
_isctype
__mb_cur_max
_ltoa

gdi32

GetBkColor
GetBitmapDimensionEx
GetBkMode

ole32

CoFileTimeNow

shell32

ord680
ord66

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ