JaffaCakes118_60306c95c2776a1fa8ec12c37dafdfdf | Triage

Sharing

General

Target

JaffaCakes118_60306c95c2776a1fa8ec12c37dafdfdf
Size

49KB
MD5

60306c95c2776a1fa8ec12c37dafdfdf
SHA1

d7b8fba6ea1aba1b56a08b6ae114a324eec4e189
SHA256

db77c7692d79e73f96b68be857a985bb9c68fc78cc11e0cbf94732c3817ec342
SHA512

a76e1525d08aaa2cc45cd4f787838ce30571530dcd3edcd75777ba5ab5bcb1aab1de7f09f8e1b966cb8367053c674a20e36f560dae54da8f8927565b4ccc6ab7
SSDEEP

768:hQ8I0GfWOkeFXYM68CE63xgz1ucyaWuMIkM+4PLJo9e/ILfBPjzpUzukFhJw1WUD:hRGLnFY78C1wucySMNMzTSbxRUDw1pF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_60306c95c2776a1fa8ec12c37dafdfdf

Files

JaffaCakes118_60306c95c2776a1fa8ec12c37dafdfdf
.dll windows:4 windows x86 arch:x86

b8116c37b3f7417486916c6b72a6c1b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

UnhookWindowsHookEx

gdi32

GetDIBits

advapi32

RegCreateKeyA

shell32

SHGetFileInfoA

msvcrt

_strnicmp

ws2_32

gethostname

msvcp60

?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

imm32

ImmReleaseContext

wininet

InternetOpenA

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

Exports

Exports

Install
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
MyNewFun
ftsWordBreak
wintest

Sections

.text
Size: 41KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE