ff47fec064cc414f7414e5d241e0f048_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ff47fec064cc414f7414e5d241e0f048_JaffaCakes118
Size

160KB
MD5

ff47fec064cc414f7414e5d241e0f048
SHA1

9bb7cb7ab85b8f76c3c07e363fde476fed82d08d
SHA256

81b0b1288075b0ef67e23fe75e01ede329154cf57dc954088c80594e61fba0ac
SHA512

4a22b82f1e40ba2add32ccebe6cb5c03c09a8ddd3887d56f2d83963b1d41af25c7d18424fc67a9281db460c515aaee1e20122ed6a1831628c24732b348b263de
SSDEEP

3072:4V9T8lL2uGiJCayqFifODJ3tuzug3U5IrJKLmxrPQ6NOUfbK:ah8lLLGiManAGD3uD3U58JKyxd4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff47fec064cc414f7414e5d241e0f048_JaffaCakes118

Files

ff47fec064cc414f7414e5d241e0f048_JaffaCakes118
.dll windows:4 windows x86 arch:x86

10b555234b252704545be3b75f247fb7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
FindResourceA
FreeEnvironmentStringsW
GetACP
GetCommandLineA
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetStringTypeW
HeapAlloc
HeapCreate
HeapReAlloc
HeapSize
IsValidCodePage
LoadResource
LockResource
MultiByteToWideChar
ResetEvent
RtlUnwind
SetLastError
SetStdHandle
SetThreadAffinityMask
SetUnhandledExceptionFilter
WideCharToMultiByte
WriteFile

msvcrt

srand
_except_handler3
strspn
wcslen
__set_app_type

user32

GetDlgItemTextA
GetDlgItem
GetDoubleClickTime
CreateDialogParamA
AppendMenuA
GetMenuItemCount
SetWindowPos
SetWindowPlacement
CreateWindowExA
SetClassLongA

oleaut32

GetErrorInfo
SafeArrayDestroy
SysFreeString
VarBstrCat
VarBstrCmp
ClearCustData

shlwapi

SHDeleteKeyA
SHDeleteValueA
SHEnumKeyExA
SHOpenRegStreamA
PathGetCharTypeA

Exports

Exports

GetGlobalBabyJITEnabled

Sections

.text
Size: 102KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ