072b663294c01f1e3e3bdfab24c41e90_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

072b663294c01f1e3e3bdfab24c41e90_JaffaCakes118
Size

59KB
MD5

072b663294c01f1e3e3bdfab24c41e90
SHA1

e913736561227aaea67581918748fa495fa4761b
SHA256

52e3f3295e6c1368a4d2f95db6787bfee8c785e4b9f92c6be7ac5fd07cd19b38
SHA512

0a2bb1dac8e779972e28ebbdea96a25fa386ae60ca6b8167d2ef1c324a6e284b5869884757612282a87f7aeeeb4773435b8388b6f6075d8f22a4f2f0c261a187
SSDEEP

1536:9SME1JJlEBmTxtBgGTv7YsEJj54y0OBcM+8fWoQM/:8ME1/+hsvksQj54ybBcMoQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
072b663294c01f1e3e3bdfab24c41e90_JaffaCakes118

Files

072b663294c01f1e3e3bdfab24c41e90_JaffaCakes118
.dll windows:6 windows x86 arch:x86

d0b6cc47e0f500d350e47241ad4d8b47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

advapi32

EventWrite

ws2_32

WSAStartup

oleaut32

SysFreeString

ole32

CoInitialize

user32

CharLowerBuffW

psapi

GetModuleFileNameExW

wininet

InternetOpenW

rpcrt4

NdrServerCall2

urlmon

CreateUri

wevtapi

EvtClose

winhttp

WinHttpOpen

Exports

Exports

ServiceMain

Sections

.MPRESS1
Size: 53KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE