2c7fcd4b85297f5da325704376d0f51f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c7fcd4b85297f5da325704376d0f51f_JaffaCakes118
Size

40KB
MD5

2c7fcd4b85297f5da325704376d0f51f
SHA1

440eda7fcb2944a25b456a44f6da17d2ec4c7e1f
SHA256

a8212b081ef7cc103e18ef824bf581bebad6c7cf978b05132fb7e0ac290e9337
SHA512

0005bd92d97b798a4c80257c6fcf99b5d96402514bcb22c48d37423df22893e9c6c9cce75bc4375e38c7297d6c49dea37160fcce13b14f0a5be7729a81bd2d88
SSDEEP

768:b4pBPvantS7yLP6yAPs3V1UMCL4y8CK4lWAkSkZjvuZguGVeue4wAgP:b4pBP647ybgsbUMA4yQ4WzSkdGCuG44D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c7fcd4b85297f5da325704376d0f51f_JaffaCakes118

Files

2c7fcd4b85297f5da325704376d0f51f_JaffaCakes118
.dll windows:5 windows x86 arch:x86

cbbcd6eba8b772bb89044b735c328c06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
GetEnvironmentStringsA
ExitThread
GetLastError
GetProcessWorkingSetSize
OpenEventA
GetDllDirectoryA
VirtualAlloc
GetVolumePathNameA
GetDllDirectoryA
FindFirstFileExA
ReadConsoleOutputA
SetConsoleLocalEUDC
GetEnvironmentVariableA
WriteProfileStringA

user32

MapVirtualKeyExW
IsHungAppWindow
GetKeyboardLayoutNameA
IsClipboardFormatAvailable
UnregisterUserApiHook
PostThreadMessageA
GetMenuStringA
IsServerSideWindow
SetWindowPlacement
PostThreadMessageW
IsChild
GetClassNameA
SetRect
EnumPropsExW

Exports

Exports

ReadAfkanttvxld
Yobucey
Yxfybndbsdk
InitRntaowcuyyc
Spmslyb
Wiflnyeqsb
Ppoypxbdjwj
GetPrglsalbyf
GetCcrsytgtaqt
Xynamayu
IsIkarqlnbk
OpenKaphkxamk
Crylloyiyfg
IsFfajjjy
Elfvnqwjqou
AddDmcytopnkp
InitImbtgibij
Bhspgpb
SetSiausltrqw
EndKhvsbfv

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ