7331e0cb960e78075e5832695f5dd7d4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7331e0cb960e78075e5832695f5dd7d4_JaffaCakes118
Size

38KB
MD5

7331e0cb960e78075e5832695f5dd7d4
SHA1

ba293cfb3c50bf5fdd5f6da55231a52cbf34c6dd
SHA256

e4eed186119ef911f00f37cf2943b649d272afb25caa72929d328613c0910b28
SHA512

830234ca860f116544c9567a3cc66e4a451f682a406456d13e79e899d903ee8508e00d97a6549c6db4ba45350af17c9986665323255a4db130b6cedd46fcc8b3
SSDEEP

768:xJVeUmZPRA6URur0eJJWyn1JdCJMyhn6dpTMP7DtJ:x5mZpA6M7eeCJdCj6vTQJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7331e0cb960e78075e5832695f5dd7d4_JaffaCakes118

Files

7331e0cb960e78075e5832695f5dd7d4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

915ee3e1da3298987e9b44f7e0329e9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

advapi32

LsaClose

msvcrt

qsort

netapi32

Netbios

ntdll

NtClose

rpcrt4

NdrServerCall2

Exports

Exports

I_BrowserServerEnumForXactsrv
ServiceMain
SvchostPushServiceGlobals

Sections

.MPRESS1
Size: 33KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE