9d4ef0a62797d8831a7566d1a4fd3c1d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9d4ef0a62797d8831a7566d1a4fd3c1d_JaffaCakes118
Size

230KB
MD5

9d4ef0a62797d8831a7566d1a4fd3c1d
SHA1

7ee844419735f66996ed96961743ee02e3c9feec
SHA256

a407facef1f556bba1532aa6f21a97dbba4b476105add9a3a35960cf860a2cee
SHA512

d37819d425d3ada2197f721501c39e1490603cc94fb05c113b82425f530159343df7be3e23d99f5987fdadd6c2e03e58fdf7eec1c61347719353c17bd592abb7
SSDEEP

6144:lzv1c1zz8uOH7l9VwrUARDAtZfew5LccGJtl8Q56YVpLkx7M:lzv1cJROH7hG8tZfL9cpC+LeQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9d4ef0a62797d8831a7566d1a4fd3c1d_JaffaCakes118

Files

9d4ef0a62797d8831a7566d1a4fd3c1d_JaffaCakes118
.dll windows:6 windows x86 arch:x86

a0a31dad5c6e045595a5fc9d3b88a89b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

ntdll

RtlUnwind

winspool.drv

GetJobW

gdi32

EngPlgBlt

user32

CopyRect

ole32

CoCreateGuid

oleaut32

SysAllocStringLen

advapi32

RegCloseKey

version

VerQueryValueW

Exports

Exports

DllMain
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.MPRESS1
Size: 224KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE