2b9baef9c540e3802112b833da7e1777_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b9baef9c540e3802112b833da7e1777_JaffaCakes118
Size

1.1MB
MD5

2b9baef9c540e3802112b833da7e1777
SHA1

14b269eef26feb13156100769d77412d68c125cc
SHA256

c0728321384ecbc3a90fcaee2f0da31204a3063cc649c3e18a14080d4c2974ba
SHA512

ef4653b3d0075d55dae50651c1dc9856dbdca99c94be297e4573911e7dec8e6efe77d8d5d2cd4991033a8a2d0cfaf63adbdada7d064fd89fe830384cf2ae5848
SSDEEP

3072:dwiiaFspa8tnGzeeMIqcFnnPgOBTil8lVWPt+uS0YJH08c1:dGEknGzeeMIqcFYwilr+ueJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b9baef9c540e3802112b833da7e1777_JaffaCakes118

Files

2b9baef9c540e3802112b833da7e1777_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

720c8790ceefaf9d520ba8d9d6a0e77e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryDosDeviceW
CloseHandle
SetComputerNameExW
SetCurrentDirectoryA
ReleaseSemaphore
SearchPathA
ReadConsoleA
SetThreadExecutionState
RtlUnwind
ReadFile

ntdll

RtlUnicodeToMultiByteN

gdi32

ResizePalette
GetPixel
CreateCompatibleBitmap
Pie
SelectPalette
RealizePalette
CloseFigure

msvcrt

_clearfp
__lc_collate_cp
iscntrl

rasapi32

RasGetCustomAuthDataA
RasConnectionNotificationW

shell32

SHLoadNonloadedIconOverlayIdentifiers

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ