e09bff115128cc0eedc6692c83f02866_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e09bff115128cc0eedc6692c83f02866_JaffaCakes118
Size

154KB
MD5

e09bff115128cc0eedc6692c83f02866
SHA1

27c98c589855a2bbdcea59cac679061f055f6085
SHA256

a585858ca872efcdb8bc1a187fec42c09e382f978a663aa4b38bb447e6f7cbaa
SHA512

dfb634accec9ec9fb8dabeab06318551932008337bd5c969b6dbcc2802befa2f25c90f9e6080fbd525b03900e637709ba2a1dc3f597244509415ef4831bacfb0
SSDEEP

3072:MWNCYHDMh6LcZnsUem0JT/91UmdIVMUWdK9vdiajEgj:MWxHDLqnV099qqQvQat

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e09bff115128cc0eedc6692c83f02866_JaffaCakes118

Files

e09bff115128cc0eedc6692c83f02866_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dea91e8448f038f16c318ee96324ddd0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetACP
GetEnvironmentStringsA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemDirectoryA
GetTickCount
HeapAlloc
HeapCreate
HeapSize
LeaveCriticalSection
ReadProcessMemory
TlsFree
lstrcatA
lstrcmpiA
lstrlenA

msvcrt

wcscpy
__p__commode
__set_app_type
exit
free
strspn
wcscat
wcscmp

user32

DestroyWindow
GetDesktopWindow
GetSubMenu
RemoveMenu
DeferWindowPos

oleaut32

ClearCustData
SafeArrayDestroy
OleIconToCursor

shlwapi

SHDeleteEmptyKeyA
PathFileExistsA
PathBuildRootA
SHOpenRegStreamA
SHSetValueA
PathGetCharTypeA
PathGetDriveNumberA
StrChrA

Exports

Exports

CoRegCleanup

Sections

.text
Size: 75KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ