f0cacef8d34f595a1635e14468491595_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0cacef8d34f595a1635e14468491595_JaffaCakes118
Size

145KB
MD5

f0cacef8d34f595a1635e14468491595
SHA1

28472b10d89084b84d50f1b2ab8cbb767ba1e0ad
SHA256

29312ef099ca69c9bf363105047d82b0176d917041c6cb0693ae80879dfa5911
SHA512

dfd9208c1a0235f469c6fb1b16603c88c9e03df7aaba4124b1aa38a90097f3670d5dee3a2c5ad203ea676c6ee9571fab6275fa3c605dfa78c63301fa7a2045c0
SSDEEP

3072:DBGR7l7IqIzagLQ0HXeE+zET1dON+toe9xrrkwBHS1/DZ4y:Dczkqx/uTXOco8xrrkwO9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0cacef8d34f595a1635e14468491595_JaffaCakes118

Files

f0cacef8d34f595a1635e14468491595_JaffaCakes118
.dll windows:4 windows x86 arch:x86

4bc31567504b384fb09d06399500d86c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FatalAppExitA
FindResourceA
GetACP
GetCommandLineA
GetFileType
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GlobalReAlloc
HeapAlloc
HeapCreate
HeapReAlloc
InitializeCriticalSection
IsBadStringPtrA
IsValidCodePage
MultiByteToWideChar
RtlUnwind
SetEnvironmentVariableA
SetLastError
SetUnhandledExceptionFilter
SizeofResource
Sleep

msvcrt

__p__commode
__set_app_type
exit
isdigit
wcscpy
__getmainargs

user32

IsZoomed
PostQuitMessage
RemoveMenu
SetMenuItemInfoA
SetTimer
TranslateAcceleratorA
UnionRect
EnableMenuItem
CreateIconIndirect
MsgWaitForMultipleObjects

ole32

CoGetMalloc
CoCreateInstance

Exports

Exports

D3DFree
D3DMalloc

Sections

.text
Size: 94KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ