13015788e9a100910cbec5a341e000d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13015788e9a100910cbec5a341e000d7_JaffaCakes118
Size

196KB
MD5

13015788e9a100910cbec5a341e000d7
SHA1

e3825b6b6a476012b170ea3d23283a0863d294ce
SHA256

c19dbe60fcddee30e80616ef0723df5053665a8597d75b56e2648e4936cd0e41
SHA512

4965c322251f97fadd94d7f2b0ba4423e53d5d742ea5b0919a3f1e043aeaf16ecb2de1c57c1beb853d052e20bfe6e993a56769ef0b8307687a0c2f2bd6624488
SSDEEP

1536:wHuTUoC4WRomp/FGedp/h61FVgUCJSY81MMMMq076NuWbmZQp8zgjHnXbZpvSlYA:nTUj3Rn/BdpgU076NDeELn9piVy+EceC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13015788e9a100910cbec5a341e000d7_JaffaCakes118

Files

13015788e9a100910cbec5a341e000d7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

5c09434038ff798be988c1c118375809

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetLastError
MultiByteToWideChar
GetACP
IsValidCodePage
RtlUnwind
UnhandledExceptionFilter
Sleep
GetStartupInfoW
GetModuleHandleA
QueryPerformanceCounter
FreeLibrary
LocalAlloc
lstrcmpiA
GetConsoleCP
CompareStringA
IsBadStringPtrW

user32

RegisterClassW
DestroyWindow
DefWindowProcW
LoadCursorW
CreateWindowExW
MoveWindow

msvcrt

malloc
free
wcschr
exit
qsort

Exports

Exports

InformationBeInIntoCreated
TechnologiesVersionMechanismTechnology

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 854B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ