e0ec92dd222c5e6a67827e06a4d58684_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e0ec92dd222c5e6a67827e06a4d58684_JaffaCakes118
Size

53KB
MD5

e0ec92dd222c5e6a67827e06a4d58684
SHA1

fef6e92d4561726d7e77418afa96be8ca27d9af9
SHA256

a9013d2e6a292c46cd5d0f5ea4bd0239f78dec3091fdd5117447d70630646f27
SHA512

52804a70ddbde16d30d21a932ed3ef207a92b92f50b4bceb54af19fa14cb864e9b2dd7da9cdeb3726688163eb7012b051191c93753b4ca40783773f8a7ca1861
SSDEEP

768:fYMvTqAxbOdZBjgjr+Gkm/xR+YNwotwyPj3CDh9fEzIy08ss6ehWt8WumFiC:fhWsboZejrk+RN/lmDSIhyWidVC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e0ec92dd222c5e6a67827e06a4d58684_JaffaCakes118

Files

e0ec92dd222c5e6a67827e06a4d58684_JaffaCakes118
.dll windows:9 windows x86 arch:x86

c8a2aa7f0c2c1d8d378ac3985551407f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comptmsg

PathResolve
DragFinish
wcscmp
wcstombs
DAD_DragMove
_wcslwr
CtfImmIsGuidMapEnable
sin
isupper
DuplicateIcon
__iscsym
_vsnprintf
_ltoa
wcstol
ILSaveToStream
sprintf
RealShellExecuteA
toupper

kernel32

SetThreadPriorityBoost
CreateFileA
ReadFile
CreateEventA
CreateFileMappingA
GetCurrentDirectoryA
IsBadStringPtrA
GetThreadLocale
RtlZeroMemory
VirtualQuery
SetFilePointer
WaitForMultipleObjectsEx
MapViewOfFileEx
SleepEx
SetFirmwareEnvironmentVariableA
IsProcessorFeaturePresent
UnmapViewOfFile
EncodePointer
ReadFileEx
OpenThread
WaitForMultipleObjects
DecodePointer
ExitProcess

Exports

Exports

CreateProcessNotify
GDIress

Sections

.text
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ