858f13069adb8077e0767873050ac4bb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

858f13069adb8077e0767873050ac4bb_JaffaCakes118
Size

13KB
MD5

858f13069adb8077e0767873050ac4bb
SHA1

c040fd4758b3c6ace6e480517eef3abed3fba296
SHA256

5860ebe1f69de43b04fee1e7997c60b9704b3a0743d745e3dea1eb4e573b32ad
SHA512

003ed6e442e5a4205ef58feaa33375d7be9385f29c0226cc23e373ae6d17a67b35bcbb3ac58f75a4dd13cc3a8e6be64bb107535c6ecd620ce11cd5abb6cbbc48
SSDEEP

192:VbZ3gtrdBPDGfNqt6XvCcE9aOleaN9BGZhoNbrZOzajXMonZI/AedzYpkWVIqoCO:YYQEKJaIfN9moNpOWTmYpkWVIxCPW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
858f13069adb8077e0767873050ac4bb_JaffaCakes118

Files

858f13069adb8077e0767873050ac4bb_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

f7150600c968268a35ad349221050532

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

RtlFreeSid

advapi32

CopySid

user32

wvsprintfW

crypt32

CertOpenStore

rpcrt4

UuidCreate

ole32

CoInitialize

netapi32

DsRoleFreeMemory

wldap32

ord208

Exports

Exports

DllRegisterServer
DllUnregisterServer
GenerateDefaultEFSRecoveryPolicy
WLEventLock
WLEventLogoff
WLEventLogon
WLEventShutdown
WLEventStartScreenSaver
WLEventStartShell
WLEventStartup
WLEventStopScreenSaver
WLEventUnlock

Sections

.MPRESS1
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE