2e54a8f613d4fceb2e6cbd7e0eb8a761_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e54a8f613d4fceb2e6cbd7e0eb8a761_JaffaCakes118
Size

27KB
MD5

2e54a8f613d4fceb2e6cbd7e0eb8a761
SHA1

7228f96fb0e4701716c839c8974ea38d8a3ec74e
SHA256

4b5fec2bf665cae0e4308c70b78e21b4396a6b4dadd661609627a71586e1618b
SHA512

ada698165afa36fde1f82d446dd3ebc8b1db5069dd6430ab1213918d953501a58528f440eeb6cbdc740f8f77240fdb0ae111a6a3fe1775a12646ab1c4642a4b3
SSDEEP

768:zn6MBfgKCVJ+90Y5jlbZQAzX2ouUY73HI:znxBsJNQjlNHb23TI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e54a8f613d4fceb2e6cbd7e0eb8a761_JaffaCakes118

Files

2e54a8f613d4fceb2e6cbd7e0eb8a761_JaffaCakes118
.dll windows:4 windows x86 arch:x86

564f9be24497d868fd7b43cd37ca7d2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

avicap32

capGetDriverDescriptionA

advapi32

LookupPrivilegeValueA

user32

SetProcessWindowStation

mswsock

TransmitFile

ws2_32

connect

shlwapi

StrRChrA

psapi

GetModuleFileNameExA

ole32

CreateStreamOnHGlobal

msvcrt

_adjust_fdiv

wininet

InternetCloseHandle

gdi32

GetCurrentObject

shell32

ShellExecuteA

Exports

Exports

LoadProfile
ServiceMain
TestFunc

Sections

.text
Size: 18KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cheng
Size: 512B - Virtual size: 520B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE