e04c354357c016efb0902b85c2cd78d5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e04c354357c016efb0902b85c2cd78d5_JaffaCakes118
Size

984KB
MD5

e04c354357c016efb0902b85c2cd78d5
SHA1

cf66ec277b6e2bf4c55aec8517a57c936cfa046b
SHA256

d33cf2827f8ab9216ff3b1af4eeabac313df84cca6cec56b7620e0eb02d0718e
SHA512

8bff0093999d0287bab00880d08993b4aea07ef626b828f52c8c740ab0cb4dcf4d9479853b745f31b0d61255cbf22f7b78a00ce5d224770f2d7722f337574a0f
SSDEEP

24576:3pJShh0glDWJbiyD9fgm9ulZN0Ek+hqz5hw:3boh0Pfomczk+hqvw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e04c354357c016efb0902b85c2cd78d5_JaffaCakes118

Files

e04c354357c016efb0902b85c2cd78d5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f1887b98273c6c3f6c16f8ea97b2b974

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

version

VerQueryValueA

gdi32

UnrealizeObject

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

wininet

InternetReadFile

Exports

Exports

hwndFF_BK01
hwndFF_BK02
hwndFF_BK03
hwndFF_BK05
hwndIE_BK01
hwndIE_BK02
hwndIE_BK03
hwndIE_BK05
show_BK01
show_BK02
show_BK03
show_BK05

Sections

CODE
Size: 914KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE