fa40de5054abc169400e3e673bf55d0f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa40de5054abc169400e3e673bf55d0f_JaffaCakes118
Size

170KB
MD5

fa40de5054abc169400e3e673bf55d0f
SHA1

0323716c4a9dd04b325330e6fc47b394e43d0b1f
SHA256

388be570a9c0734e85c53b78a44b0c4fbf7b0d5391c601dd206fe0d939d7d189
SHA512

fb44e02e23bdc1203349fbcc7d12abc8e7b68a0d85a468ffa5f055dcad10af5bf0c067c4e74901d8fdb77f48f04d2ddca3a69fa0b24dfcd7c4dd583cb8dfa904
SSDEEP

3072:rDVVrRS4d7f/74Q/LPLI3gSOetbsIiRT/ibKlDd:tO4N/Uyv2gS3bha/i+lD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa40de5054abc169400e3e673bf55d0f_JaffaCakes118

Files

fa40de5054abc169400e3e673bf55d0f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

54d335f61f197095a8c8262350c34109

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
FindResourceA
FreeEnvironmentStringsW
GetACP
GetCommandLineA
GetDateFormatA
GetModuleHandleA
GetOEMCP
GetPriorityClass
GetStartupInfoA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapReAlloc
MultiByteToWideChar
OpenProcess
RtlUnwind
SetLastError
SetUnhandledExceptionFilter
SizeofResource

msvcrt

sscanf
__getmainargs
__p__commode
__set_app_type
exit
strpbrk
malloc
printf
fwprintf

user32

CreateDialogParamA
LoadIconA
SetPropA
CheckMenuItem

oleaut32

VarBstrCmp
VarBstrCat
SysStringLen
SysReAllocString
SysFreeString
SetErrorInfo
SafeArrayDestroy
SafeArrayCreate
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayAccessData
RevokeActiveObject
RegisterTypeLi
OleTranslateColor
OleIconToCursor
OleLoadPicturePath

Exports

Exports

GetCatalogObject
InprocServer32FromString

Sections

.text
Size: 90KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ