09bb29609a8722ecd296312642857c33_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

09bb29609a8722ecd296312642857c33_JaffaCakes118
Size

18KB
MD5

09bb29609a8722ecd296312642857c33
SHA1

d375782e3afc266803e0d4c599b119c73d15d96b
SHA256

6e4da4d2019cdd57af5136cf0c1a3e7a9e0221851f2052e11db69ca29409ea4d
SHA512

aa27c091d13d21367b8f2a42f227894cc69b1ecf080d2e33a77ce7b48374fda28ba5bc75f6cb552bd543bab6bc23bde670e561d8033db44bd241c66092e05735
SSDEEP

192:9Jx4HOnKvWSXVtDZOt6cPzuVq+W7/8koTm1sq0rt7MnJl9BF9WsMhwJ2MhfTYtPy:7x46gXzQt/bQNNq1sq6tIP9BuRE+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09bb29609a8722ecd296312642857c33_JaffaCakes118

Files

09bb29609a8722ecd296312642857c33_JaffaCakes118
.dll windows:6 windows x86 arch:x86

2feb08e6b6ac58ac77499e6899fca638

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetStatusWindowPos
ImmGetConversionListA
ImmDestroySoftKeyboard
ImmLockIMC

kernel32

LocalFree
lstrcpyA
SetLastError
EnumResourceTypesA
GetProcessHeap
HeapAlloc
VerLanguageNameA
VirtualAllocEx
GetPrivateProfileStringW
GetWindowsDirectoryA
AddAtomA
FatalAppExitW
lstrlenA

wsnmp32

ord220
ord320
ord201
ord502
ord601
ord604

mapi32

ord22
ord130
ord176
ord33
ord16
ord20

odbc32

ord245
ord13
ord26
ord76
ord36
ord250
ord75

advapi32

GetUserNameA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyExA

msvcrt

memcpy
sprintf

Exports

Exports

vqnfswsvku

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ