ff186155f3a588ce665575c6d42d2956_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff186155f3a588ce665575c6d42d2956_JaffaCakes118
Size

100KB
MD5

ff186155f3a588ce665575c6d42d2956
SHA1

165160050774d84f759a3b35a29527ed920bd9d6
SHA256

38c2d011d4b80791cbdd8e24ca793f42be16c3d4c51e3618aa0a18df977b38ce
SHA512

7f0447de932c0e621e19f908b1c53e538ceae33a4ceb69978d56159755cb028f3468f6f856dd8d730e718c535091574ffbc0fc00f9a999e005ac3395a6e2e65f
SSDEEP

1536:rhUv3lWOJaExuIXsXptXLn8NeokktiuPr1w/qDjg+14CMi:rC/lTJaSuIcXpVLn8FXpw/qDjgYii

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff186155f3a588ce665575c6d42d2956_JaffaCakes118

Files

ff186155f3a588ce665575c6d42d2956_JaffaCakes118
.dll windows:4 windows x86 arch:x86

20243a5b7229840cdd81422655ef679b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
CreateFileA
HeapAlloc
SetFilePointerEx
GetTickCount
HeapFree

shlwapi

PathFindFileNameW
SHDeleteKeyW
PathAddExtensionW
PathAppendW
SHEnumKeyExW

shell32

SHGetFolderPathW
SHCreateDirectoryExW

crypt32

CryptUnprotectData
CryptProtectData

Exports

Exports

_MGVDNIQ@0

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data1
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ