2f7c3830bfdb72cd24fd4eb95ab86654_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f7c3830bfdb72cd24fd4eb95ab86654_JaffaCakes118
Size

32KB
MD5

2f7c3830bfdb72cd24fd4eb95ab86654
SHA1

41aebf2339b0e90b46d2ae805dfd3b929e4a8be8
SHA256

de003ca4e1eea57fb370bdc4946372311e9ae0d7495b52e454035e096907f7a1
SHA512

9885b2e19677bac6b7567b17a1410f219112eeb0f5a02f1deb82481a32d35caeca24b33bbce299ed39afbc57556cc662372be1a2a80a1c9d531bfe95e8dea357
SSDEEP

768:O65i8FeenN9hCl4aMkmj+Xhf5EZL2dHo:O6vnL6AChSZL2y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f7c3830bfdb72cd24fd4eb95ab86654_JaffaCakes118

Files

2f7c3830bfdb72cd24fd4eb95ab86654_JaffaCakes118
.dll windows:4 windows x86 arch:x86

320f48d27f22a571db9be27eb6093ff0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpW
FlushViewOfFile
GetCurrentDirectoryW
GetCurrentDirectoryA
GetFileSize
HeapAlloc
GetProcessHeap
HeapFree
CallNamedPipeA
Beep

ole32

OleUninitialize
OleInitialize

winmm

timeGetTime

shlwapi

SHDeleteValueA
SHDeleteEmptyKeyW
SHGetValueA

user32

wsprintfW

advapi32

RegCloseKey

msvcrt

malloc
free

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 390B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ