54b6c83b2999a801fb32c7d487e1382f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54b6c83b2999a801fb32c7d487e1382f_JaffaCakes118
Size

84KB
MD5

54b6c83b2999a801fb32c7d487e1382f
SHA1

02a35c0173582ff4f2e54158b2084d0669700311
SHA256

96f4cc0b982ffc747e2e09ad2753e2cb20c16aadda67b531f8db462fab4b8da9
SHA512

8c8a0622cdb4a79d067b9143e4895101191ec8d2e91fb1e2fec19be761604a52ab673480a2cad4a67958853c4996c85fec0706e81513a70c4403d4782cb950b5
SSDEEP

1536:UpVewS9jPAWzLlTgwY/tJ66xn0rSEgV5a/rGAbTX:UXJo3/l/Y/y6kU5orGAP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54b6c83b2999a801fb32c7d487e1382f_JaffaCakes118

Files

54b6c83b2999a801fb32c7d487e1382f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

29f3d12a9751a0e6687e2e4226b42a1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentStringsW
GetThreadPriority
GetFullPathNameW
OpenFile
DeleteTimerQueueTimer
GetQueuedCompletionStatus
OpenProcess
CreateMutexW
SetEnvironmentVariableA
SetFileApisToOEM
MapViewOfFileEx
GlobalAddAtomW
OpenEventW
LoadLibraryA
CreateProcessW
GetProcAddress

ole32

OleDoAutoConvert

shlwapi

PathAddBackslashA

advapi32

QueryServiceStatus
RegUnLoadKeyA

shell32

ShellExecuteA

gdi32

GetEnhMetaFileBits
TextOutA
CopyEnhMetaFileA
GetObjectType
SetTextJustification

Exports

Exports

smiMainCmds

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ