efcf61a12e3cfb141ccddde2e8ecb625_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

efcf61a12e3cfb141ccddde2e8ecb625_JaffaCakes118
Size

64KB
MD5

efcf61a12e3cfb141ccddde2e8ecb625
SHA1

12f34c7a20bf550a507908b1a639ffe85dcef37e
SHA256

e8456ff0eb5a331b1bba69dc02917a7401b88821b8fc248c0c203f3d12796f39
SHA512

ad3bbc9e1b7e8978a544210d80d2c7604c56f093f67bf577a3145ec9445494246646550d8a5dff218d536064ae6b2256eeac9099f7bb8f38411c6512177e0e00
SSDEEP

1536:3c3+M6jzkbzWacuK3+M+ALTbfPI26VW5BVfs:s2jEtcfHLP4zErVf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efcf61a12e3cfb141ccddde2e8ecb625_JaffaCakes118

Files

efcf61a12e3cfb141ccddde2e8ecb625_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d77083efa6c9beb5ccb3d4fa3af08911

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileSectionA
IsBadStringPtrA
OpenJobObjectA
LoadLibraryExA
GetVersionExA
VirtualProtectEx
lstrlen
SetUserGeoID
WriteConsoleOutputCharacterA
WriteProfileStringA
GetFileAttributesA
FindVolumeMountPointClose
GetProcessWorkingSetSize
Heap32ListFirst
GetConsoleTitleA
CreateDirectoryA
VirtualAlloc
GetSystemDefaultLCID
GetSystemWindowsDirectoryA
SetConsoleInputExeNameA
CreateDirectoryExW
HeapUnlock
GetProcessHeaps
GetCommandLineA
GetCurrentProcess
RaiseException
SetUnhandledExceptionFilter

gdi32

SetViewportOrgEx

shell32

SHGetSpecialFolderPathA

winmm

timeGetTime
timeBeginPeriod

Exports

Exports

ReadOwdqpoauf
SetJdrrmiglb
Fxbljyunfb
Oyupbli
Bgqlcelxrjl
Ubsbewftmgk
Rfvqsptxu
InitUnjsxfvt

Sections

.itext
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 52KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ