14932ef14f48c294c4c949facaa17a05_JaffaCakes118 | Triage

Sharing

General

Target

14932ef14f48c294c4c949facaa17a05_JaffaCakes118
Size

50KB
MD5

14932ef14f48c294c4c949facaa17a05
SHA1

23dfdb1c8da502186119078d04aefc71b1ef8027
SHA256

99dd2b8950b6a856f3e18d5521d73a68c9d13c3aca84f67b66029245e26a5a13
SHA512

17a90568fe9b9042fbda72a0e4c7fc7fc48862806cad7e27352753fdb68916d893f140c8524bdde59701a537de10ff6f1e814d6a2d54225b38a54ed1d1ade4e8
SSDEEP

768:hVNZaJwjYkHP/o+3QeZjyBEWWetPIxPNlNnZyk+baRbB7JYgnIw:hVNk6ckHo+3TdyBEWWetmFzskoa9I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14932ef14f48c294c4c949facaa17a05_JaffaCakes118

Files

14932ef14f48c294c4c949facaa17a05_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9fe8ad4136c704ba730ca7849fb2c993

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ald.pdb

Imports

kernel32

Beep
HeapReAlloc
HeapDestroy
OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
LoadLibraryA

rpcrt4

RpcStringBindingParseW
RpcBindingVectorFree
RpcBindingToStringBindingW
RpcEpUnregister
RpcEpRegisterW
RpcServerListen
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcImpersonateClient
UuidCreate
UuidToStringW
RpcMgmtStopServerListening
RpcAsyncAbortCall

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ