60b229abdeb0abf3369fc0c7422c92e5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

60b229abdeb0abf3369fc0c7422c92e5_JaffaCakes118
Size

55KB
MD5

60b229abdeb0abf3369fc0c7422c92e5
SHA1

7f5ff2e1d2951862302727c2eb060890caf94fe9
SHA256

abe47d922983bc536aab5c5f1928cc3f2ee8645c0c06befb024f2d035a01a9b3
SHA512

c906f5be533742601819de2b1ab6af70c9bf73bfe8ac4650d4a139f6d178cfa21ac7c69b1ecbec33ec3a782cd7a3f9d84b874da0112e5c48d35abd322e87aa0c
SSDEEP

768:pvokHYpiMUTsKJhMdUov6j+SRclpspDKih35haSykufOQRSOkkmxJ2ieIl20DnGN:KkxMUTs8ZCgclps9hJRykalPieBy8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60b229abdeb0abf3369fc0c7422c92e5_JaffaCakes118

Files

60b229abdeb0abf3369fc0c7422c92e5_JaffaCakes118
.dll windows:6 windows x86 arch:x86

05ea150a487fe8cc38b5046025085361

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

RtlFreeUnicodeString

user32

GetWindow

advapi32

CopySid

rpcrt4

UuidCreate

ncrypt

BCryptHashData

shlwapi

ord348

ole32

CoUninitialize

oleaut32

VariantInit

Exports

Exports

RmAddFilter
RmCancelCurrentTask
RmEndSession
RmGetFilterList
RmGetList
RmJoinSession
RmRegisterResources
RmRemoveFilter
RmReserveHeap
RmRestart
RmShutdown
RmStartSession

Sections

.MPRESS1
Size: 49KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE