433486c6fba660cea3ecaa3fea48714c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

433486c6fba660cea3ecaa3fea48714c_JaffaCakes118
Size

712KB
MD5

433486c6fba660cea3ecaa3fea48714c
SHA1

ce1d7267abe0b954d753812b016546664260e559
SHA256

f9315444fe96c92ca78569d69b863bd14ab4b17ace957cdd8680d28435ebfe44
SHA512

216bdcc39b2add2f0b088edb2e7f4331e0b27ad080d54af4f84634fccfd6cd388dce61c8eaeb1b6deeadb9cfb92a327c65dc828426af9dcc60595c07530e0b87
SSDEEP

3072:dwiiaFspa8tnGzeeMIqcFnnPgOBTil8lVWPt+uS0YJH08c1Xw:dGEknGzeeMIqcFYwilr+ueJS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
433486c6fba660cea3ecaa3fea48714c_JaffaCakes118

Files

433486c6fba660cea3ecaa3fea48714c_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

720c8790ceefaf9d520ba8d9d6a0e77e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryDosDeviceW
CloseHandle
SetComputerNameExW
SetCurrentDirectoryA
ReleaseSemaphore
SearchPathA
ReadConsoleA
SetThreadExecutionState
RtlUnwind
ReadFile

ntdll

RtlUnicodeToMultiByteN

gdi32

ResizePalette
GetPixel
CreateCompatibleBitmap
Pie
SelectPalette
RealizePalette
CloseFigure

msvcrt

_clearfp
__lc_collate_cp
iscntrl

rasapi32

RasGetCustomAuthDataA
RasConnectionNotificationW

shell32

SHLoadNonloadedIconOverlayIdentifiers

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ