38aeb12e7cdf4a963786de1634d8cbc0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

38aeb12e7cdf4a963786de1634d8cbc0_JaffaCakes118
Size

51KB
MD5

38aeb12e7cdf4a963786de1634d8cbc0
SHA1

06b18d93f697ad071c97411a2dfec648028d8b96
SHA256

e1ab83e4e3b4787c676a0ca525fdb462e7e0ceeb4ce152401fabc5593a1ed420
SHA512

8c736c5684e01a540690c51fd9924298991ed6d2ccb2d538e062960ee09523e0b273c0ce66d56502127dfbeb66a47f1a557d3772866ac2d7431c2795dff8ab61
SSDEEP

1536:osW/8EWrC6g9jk9xC6AuVGjtLxuBmBMlup1F4:oAEWO6g9sncR9uBF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38aeb12e7cdf4a963786de1634d8cbc0_JaffaCakes118

Files

38aeb12e7cdf4a963786de1634d8cbc0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

83b69f6c617508716829329bc1cdb546

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

avicap32

capCreateCaptureWindowA

imm32

ImmReleaseContext

user32

ExitWindowsEx

advapi32.dll

RegCloseKey

gdi32

DeleteObject

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

psapi

GetModuleFileNameExA

msvcrt.dll

malloc

ws2_32

listen

winmm.dll

waveInUnprepareHeader

shlwapi.dll

StrCmpW

Exports

Exports

DllInstall
ServiceMain
ldap_open

Sections

.erdf
Size: 25KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

edrft
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rtyhgj
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE