2fccbc3205879e5b6781035a041572d2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fccbc3205879e5b6781035a041572d2_JaffaCakes118
Size

168KB
MD5

2fccbc3205879e5b6781035a041572d2
SHA1

a50fe69fa0f6f8a9c0ecd21c0f97ee42b8266c7a
SHA256

62f4e16c4a015289eeb3512560bb81d43f15c2fcc53445643328ebcba26cf5da
SHA512

05999254b7fca19b40537bd0dc31d23933117b95c0d5f50bc014fd9cf4d6d1f7f6e414fb35f1276173ac212bd9782f1705cb1b695cbc726444160d5d149fc6a0
SSDEEP

3072:7jKF0YOAmJ7PawBcnfP1DCJYBsVaGNW6ZNFmv5Ejm89PU+jZm2/:iJOZJraDnn1WJYBsrJK5En9x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fccbc3205879e5b6781035a041572d2_JaffaCakes118

Files

2fccbc3205879e5b6781035a041572d2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f981bc27848b1eb296bbae15e56c17eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
FreeLibrary
GetProcAddress
CompareStringW
LoadLibraryA
WideCharToMultiByte
DeleteFileA
GetFileAttributesA
GetTempPathA
GetTempPathW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
LockFile
LockFileEx
UnlockFile

oleaut32

SafeArrayDestroyDescriptor
CreateErrorInfo
VarMonthName
GetErrorInfo
SetErrorInfo
GetActiveObject
VariantInit
SysFreeString

gdiplus

GdiplusShutdown
GdiplusStartup

Exports

Exports

AlphaBlend
GradientFill
TransparentBlt

Sections

.text
Size: 107KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 310B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ