3a3a49de6c969ae8e7fe2661e2b32df7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a3a49de6c969ae8e7fe2661e2b32df7_JaffaCakes118
Size

50KB
MD5

3a3a49de6c969ae8e7fe2661e2b32df7
SHA1

bfb1caf081eefe405bd963ffc612880d299cd5b2
SHA256

ba8c46eceee8660d62393cc50f9b5cb6b12bfc839ffbe47b3d28001d4a5a4616
SHA512

2a9d5dbcc781c7327150701e67f96bc2ab0f2d7174911e9f1f56c188ca11fd4785badf72e00b11c6abc945d3b053c9ecde9264a571455529f0992314104504aa
SSDEEP

768:lhhU5NmT8YEYmnZh6q5XqcuNjySKehuEZJzmoMe8FcmBA8xOoI/f+ISh:lrUr4iZhtoyTCuEZ1moV81OXGDh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a3a49de6c969ae8e7fe2661e2b32df7_JaffaCakes118

Files

3a3a49de6c969ae8e7fe2661e2b32df7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a21ca88a1063460b48ea3f86b64ad34d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrStrIA
StrCpyW
StrCmpLogicalW

kernel32

GetModuleFileNameA
GetTickCount
GetModuleHandleA

user32

IsCharAlphaW
InvalidateRgn

msvcrt

memset

Exports

Exports

?AutumnPoint@@YG_KPAUHINSTANCE__@@U_COMMPROP@@@Z
?WexiraPas@@YG_KPAUHINSTANCE__@@U_COMMPROP@@@Z
?WexiraReg@@YG_KPAUHINSTANCE__@@U_COMMPROP@@@Z

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 1024B - Virtual size: 885B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ