0fb1dbb3f154c3fcf4698f8a81cb2a51_JaffaCakes118 | Triage

Sharing

General

Target

0fb1dbb3f154c3fcf4698f8a81cb2a51_JaffaCakes118
Size

64KB
MD5

0fb1dbb3f154c3fcf4698f8a81cb2a51
SHA1

7b7a12dd2aac09940d50ae2b38b002dc6e8ae0e0
SHA256

63cc632d5d285832db88b0328ce36cca1df1db1d4e849ed8583070aced0b8403
SHA512

7764e44eb50c17f1f1eed640d10ecb05839184391e0fe9946f06d60094e8c717206a9120e260d9034b61d450a74ab7607bf8bf5600f6eeab8a1f9bc1c57a4edc
SSDEEP

1536:vxDHCIgijlb2jg+6gAfCwqIOh8C8t6gdVYRHCU:vtH8iA8+9/Ij6+Oo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fb1dbb3f154c3fcf4698f8a81cb2a51_JaffaCakes118

Files

0fb1dbb3f154c3fcf4698f8a81cb2a51_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3a1dc8ffea4fa23d117abdacee990133

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleOutputCharacterA
GetFileSizeEx
ExitProcess
GetTempPathA
TerminateProcess
SetConsoleInputExeNameA
SetFilePointer
LoadLibraryExW
CreateDirectoryA
GetDiskFreeSpaceExA
FillConsoleOutputCharacterA
VirtualAlloc
GetCommandLineA
GetTapePosition
ReadConsoleA
GetModuleFileNameA
MapUserPhysicalPagesScatter
Process32Next
GetLastError
DeleteTimerQueue
GetCalendarInfoA

user32

ToUnicode
RegisterWindowMessageW
GetWindowWord
PtInRect
UpdateWindow
GetWindowThreadProcessId
AttachThreadInput
RealChildWindowFromPoint
CopyIcon
ToUnicodeEx
UnloadKeyboardLayout
CheckRadioButton
CreateIconIndirect
UnhookWindowsHook

tapi32

lineConfigDialogEdit
lineDrop
lineSetAgentStateEx
lineCreateAgentSessionW

comdlg32

GetOpenFileNameW

Exports

Exports

CreateImrkwpuwgj
SetRvggrvkkhlm

Sections

.textbbs
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 52KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ