049d29dc1d4e47c9f0322f3038d3cae0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

049d29dc1d4e47c9f0322f3038d3cae0_JaffaCakes118
Size

70KB
MD5

049d29dc1d4e47c9f0322f3038d3cae0
SHA1

32b28455746fd7e9dcc3049f414f450288dc18b7
SHA256

2ceabad69823a8c69619cd073981dca65c1ab205f98c77eca20be4e34bcfb6f5
SHA512

1e6aca1684f16892e439dbf630b38e5e25dbdb34088b2bc6f60c60bf2ab973ff7d27f603787ae20bca86fb19dddc0ad897de2b1bb93589c8e0e4d405480dd59b
SSDEEP

1536:6mpP427ZuEBaoTP1mJLKuX/l2v+7QkSFGOPp6QfUb/:eEooIVXovSQ9FPp6QfUb/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
049d29dc1d4e47c9f0322f3038d3cae0_JaffaCakes118

Files

049d29dc1d4e47c9f0322f3038d3cae0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2df740f5350921b31e34d705da3ff5e2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetEnvironmentStringsW
GetFileType
GetModuleHandleA
GetPrivateProfileIntA
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTimeAsFileTime
HeapCreate
ExitProcess
HeapFree
LCMapStringA
LCMapStringW
QueryPerformanceCounter
SetHandleCount
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualFree
lstrcpynA
VirtualAllocEx
HeapDestroy
DeleteCriticalSection

user32

LoadIconA
GetSystemMetrics
LoadIconW

advapi32

RegOpenKeyExW

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ