14e5418f28a234ebbe1632fd78b69083_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14e5418f28a234ebbe1632fd78b69083_JaffaCakes118
Size

89KB
MD5

14e5418f28a234ebbe1632fd78b69083
SHA1

d0eec19c18410b5fc8f0126dd6ab5da02ccb81a4
SHA256

440621b57a5d8fa34b4188722c5735bae9a1b7d870b518631bc3972d9930123d
SHA512

ca4e177dd85fab353285433c94ff2d302f56f0d41c0f4e84b6591afd8341ed7403cccc3f5c3c0b6bfb7b20d3c1270b54d949c40100862f3ac7bd6aad4efadabd
SSDEEP

1536:wzE0zWIGRkzQJt717mDrGPpkjAK7/RRjvlZagwM3J:sE0aIk4QJx1fPp8AWJhvlZag9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e5418f28a234ebbe1632fd78b69083_JaffaCakes118

Files

14e5418f28a234ebbe1632fd78b69083_JaffaCakes118
.exe windows:4 windows x86 arch:x86

540cd32f4422bcc8cb44cfb6fa92ac9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ald.pdb

Imports

kernel32

HeapReAlloc
HeapDestroy
OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
OpenSemaphoreA

rpcrt4

RpcStringBindingParseW
RpcBindingVectorFree
RpcBindingToStringBindingW
RpcEpUnregister
RpcEpRegisterW
RpcServerListen
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcImpersonateClient
RpcRevertToSelfEx
UuidFromStringW
NdrAsyncServerCall
NdrServerCall2
RpcStringFreeW
RpcServerInqBindings
RpcServerUseProtseqW
RpcAsyncCompleteCall
UuidCreate
UuidToStringW
RpcMgmtStopServerListening
RpcAsyncAbortCall

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrh
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ