1524f687f39866329485d3635fe6c6b4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1524f687f39866329485d3635fe6c6b4_JaffaCakes118
Size

49KB
MD5

1524f687f39866329485d3635fe6c6b4
SHA1

0600c0523b87a42c743875a6bb7e682b26db8a7b
SHA256

8a5c622170329afb069cae6a4f50794ee785235a9733be1fa0ff71ce1ac378ac
SHA512

bcabdb7e89c5cfea29386344b5f3a704ca68226e92ec3905492ae5cb0dd75fb4f4c1607df08972d3ea8f76ce40d428099159a5a69e588ff551c1d97a5c4268ed
SSDEEP

768:fRJXEnmnleSabxesmr4zko2oDlen/SBgjfzEMVfGzs5uRMCzTWo:fjXEm0SOEYg8gqUEMVegQ+kTWo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1524f687f39866329485d3635fe6c6b4_JaffaCakes118

Files

1524f687f39866329485d3635fe6c6b4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6926dcc975c04f0d6735c237fe973275

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mprgphk

ImmRequestMessageA
ILFindLastID
strncat
wcsncmp
ILGetNext
Control_RunDLLA
ImmSetConversionStatus
labs
_CIsqrt
CtfImmRestoreToolbarWnd
CtfAImmActivate
ImmGetConversionListA
memcpy
_wcsicmp
ILAppendID
ImmGetContext
CheckEscapesA
_alloca_probe

kernel32

ExitProcess
SetFirmwareEnvironmentVariableA
VirtualQuery
UnmapViewOfFile
CreateFileA
EnterCriticalSection
RtlZeroMemory
MapViewOfFile
GetFileTime
CreateThread
SetFilePointer
DeleteCriticalSection
GetCurrentProcess
WaitForMultipleObjects
LeaveCriticalSection
ReadFile
Sleep
InitializeCriticalSection
FileTimeToDosDateTime
CreateFileMappingA
CreateIoCompletionPort
WriteFile
CreateEventA
WaitNamedPipeA
ConnectNamedPipe

Exports

Exports

CreateProcessNotify
Cleacomp

Sections

.text
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ