3f28657a73e4ab6ab507f3a5e790146f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f28657a73e4ab6ab507f3a5e790146f_JaffaCakes118
Size

2.4MB
MD5

3f28657a73e4ab6ab507f3a5e790146f
SHA1

1b9a4d5ae6f6f61b62f2bf71a3138d326f76ba8b
SHA256

daa87c682f337b99c2938f6fc893b068dc0376a4de15dd20158f03d44484c23b
SHA512

d794ea37a23f690d6a0fec4a206ad88db45d18cdaf21f49cc180c403f519bd55d16684ea50a3c95f469227a89fc41a1fdaa7b772c7d430fe01fb66fb221d5b42
SSDEEP

3072:WkXOL22q7bBMMqbETgtKs3JwVEnOMBDDc6kXk:ZXOL2Z7tqYTSKoJwVEOMBDw0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f28657a73e4ab6ab507f3a5e790146f_JaffaCakes118

Files

3f28657a73e4ab6ab507f3a5e790146f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

123ec27e51dd1955840da9a4c8e223aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryW
SetSystemTime
SetFirmwareEnvironmentVariableW
SetDefaultCommConfigA
GetPriorityClass
PeekConsoleInputA

ntdll

RtlGetNtGlobalFlags
RtlEmptyAtomTable
RtlFreeAnsiString
RtlCheckRegistryKey
RtlRaiseStatus

user32

ValidateRgn
GrayStringA
GetWindowRgn

gdi32

CreateDIBPatternBrushPt
CombineRgn
FillPath
GetDCBrushColor
PaintRgn
Pie
RoundRect
SetDCBrushColor
SetLayout
GdiTransparentBlt
CreateRoundRectRgn

shell32

Shell_NotifyIconW

dnsapi

DnsIsStringCountValidForTextType

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ