1959f8d14af097e0535575a44291f51d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1959f8d14af097e0535575a44291f51d_JaffaCakes118
Size

52KB
MD5

1959f8d14af097e0535575a44291f51d
SHA1

663b90c8a3cbe7f11f39275dc9320320dbb9d1ca
SHA256

3aa37c53cdb3fc405df2b070297f9f46be1041b58850a9866e74a06ac709b52a
SHA512

21284ccb5578d71cc591213f61855e786ac1229d79333de310e952da3c080625e48dcba79aec3feee3d0773dd6972f0d2457fcc31dfba253c2c4c93515ef8185
SSDEEP

768:xj4F+Os3YsQorcV9LABb/dE8Ix4JKGaAfA6QF3ydDPHxOj+PM8gn:xkF+OsosQogV9LAR/aTTxn27Hcj+6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1959f8d14af097e0535575a44291f51d_JaffaCakes118

Files

1959f8d14af097e0535575a44291f51d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9fe8ad4136c704ba730ca7849fb2c993

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ald.pdb

Imports

kernel32

Beep
HeapReAlloc
HeapDestroy
OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
LoadLibraryA

rpcrt4

RpcStringBindingParseW
RpcBindingVectorFree
RpcBindingToStringBindingW
RpcEpUnregister
RpcEpRegisterW
RpcServerListen
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcImpersonateClient
UuidCreate
UuidToStringW
RpcMgmtStopServerListening
RpcAsyncAbortCall

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ