fa3f9d8dc5e08249c28dcc6dd1b2aca3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa3f9d8dc5e08249c28dcc6dd1b2aca3_JaffaCakes118
Size

178KB
MD5

fa3f9d8dc5e08249c28dcc6dd1b2aca3
SHA1

f2aaccd0abb9ef50e2dc5fce4c43566bca38fcee
SHA256

2bf03722db5531f8d748aa5004c0cf34b1701e04ce801a2e66356004351e0994
SHA512

d2c570c2c3b839b5dc540d5c17726f36161d2afb25e868deaf035e9da5fe95b3b67055332481043a1791937b258fd0bc087d6c2885a5e23f149871751ea526da
SSDEEP

3072:nn5hqsHiYL13k1y5LfEpHpQJSdvrUfNTbtjWXUYzwePk0mfuYNgos3a+YZbQpTcZ:nnTqVU1U1ytnJ5bmzZc09Pna+gbQpfG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa3f9d8dc5e08249c28dcc6dd1b2aca3_JaffaCakes118

Files

fa3f9d8dc5e08249c28dcc6dd1b2aca3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3eaaf277a78ad676e4d907885cd68d70

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
DeviceIoControl
DuplicateHandle
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetACP
GetCommandLineA
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcessWorkingSetSize
GetStartupInfoA
HeapAlloc
HeapCreate
HeapReAlloc
LoadLibraryA
MultiByteToWideChar
RtlUnwind
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
lstrcmpA

user32

WindowFromPoint
SetClassLongA
FrameRect
DrawTextA

ole32

CLSIDFromString
CoBuildVersion
CoCreateInstance
CoGetMalloc

oleaut32

VarBstrCmp
RegisterTypeLi
OleLoadPicture
GetErrorInfo

Exports

Exports

D3D9UnregisterVertexBuffer
UnregisterFatBinary
WaitForDisc

Sections

.text
Size: 109KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ