3a72f262de98f778e832b5a445b988e6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a72f262de98f778e832b5a445b988e6_JaffaCakes118
Size

179KB
MD5

3a72f262de98f778e832b5a445b988e6
SHA1

88fdd0d548cb9f4e5376ab2008731412ff346404
SHA256

c6f37a329beff1c18bc07c848fbdf09fcc82bd4a049a20e1c9995f2adbe8c6c5
SHA512

776fa35830c39d13150e0864355a85b4bc750cf0e83affda81e40090dac15666fb744fc0f83629c55e8cb45df5211ce8557da706a7a6f19858aa0e6021e0abb2
SSDEEP

3072:C+Erpvrgi25CthBbiBnsi5Y2Gx/oP01QdsUlb6uOB0R/a6RIrWY:C+OvrTwChiqozJb6bB0R/nRw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a72f262de98f778e832b5a445b988e6_JaffaCakes118

Files

3a72f262de98f778e832b5a445b988e6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

08896641c839c8e9f49129169b6cfc5a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerFindFileA
GetFileVersionInfoSizeA

comctl32

ImageList_Remove

kernel32

GetCommandLineW
GetCurrentProcessId
IsBadHugeReadPtr
ExitProcess
GetStartupInfoA
GlobalAlloc
GetModuleHandleA
FindResourceA
InitializeCriticalSection
GetACP
LockResource
GetStdHandle
lstrlenA
GetLastError
LocalAlloc
SetEndOfFile
VirtualAlloc
GetProcAddress
GetCPInfo
SetEvent
LoadResource

user32

CreateMenu
SetWindowPos
GetMenuItemCount
GetMenu
SetWindowPlacement
GetCursor
SetWindowLongA
IsCharUpperA

gdi32

CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA

Exports

Exports

_Expr3iHr8wkdC7@8
4o_c9l1D0T
_3wnTHWcqjzd85t
_Mdr3VH_dy0T
_qtaBocvavX@16

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ