39777e869acdde51533606c577d6117d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

39777e869acdde51533606c577d6117d_JaffaCakes118
Size

53KB
MD5

39777e869acdde51533606c577d6117d
SHA1

f759d8c99cef3cadc31fcadbcf2b4e871401e782
SHA256

53c73c1f0df43b8e446403e83a63173753d4b649779c0a86ad49c793cbd469a5
SHA512

1dc0c10b12e9107e1f5291c89c6fa24808d14966aba34cff7ca49a5655683e98da04c40db350f1f3dadd64f86bb1650d90438b1285524f2c2c7c1355f40b127f
SSDEEP

1536:4cLmyLKExByeHjsfBZhDQrJZ6USzZgzzanDFwK1M:4cjLnxBymoJbDQr1SzSzuDq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39777e869acdde51533606c577d6117d_JaffaCakes118

Files

39777e869acdde51533606c577d6117d_JaffaCakes118
.dll windows:6 windows x86 arch:x86

47e1faabc91df2ec9f19cc8d894254fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

time

advapi32

AddAce

user32

LoadStringW

ntdll

RtlFreeHeap

rpcrt4

NdrServerCall2

authz

AuthzGetInformationFromContext

Exports

Exports

CalaisMain

Sections

.MPRESS1
Size: 48KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE