32e5b9850bbfdaf256223bec50b584d1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

32e5b9850bbfdaf256223bec50b584d1_JaffaCakes118
Size

57KB
MD5

32e5b9850bbfdaf256223bec50b584d1
SHA1

bc51e45bb115bba8e79309ee6748cea4cada9196
SHA256

50477361e0f8717c1ef9717cad9e7378b191fc9841ab19f973e178ecf676008c
SHA512

dd7dea1d54c48f243db899bcfe14377f46045f2576f2706ea25e72c845c03809e6824570e206991c7b3fe7b32a93c82bf3b5a7ca0cc5b3dd018b270c04360142
SSDEEP

768:MZoPxz/tmt3ifPkbOcb293ONcYfkMepuKGJ7MjUXKG:2gtqycQ3OCYiLb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
32e5b9850bbfdaf256223bec50b584d1_JaffaCakes118

Files

32e5b9850bbfdaf256223bec50b584d1_JaffaCakes118
.dll windows:6 windows x64 arch:x64

4afb364ef54e8370059ee72303ef3268

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThread
DuplicateHandle
TerminateThread
CreateThread
WaitForSingleObject
GetThreadPriority
ResumeThread

Exports

Exports

EuvnwnfZljIsywdpmogv
HwltcZamqnjgvztWnixdxwt
NnjqnzapffPizmdbhnGukthetblwu
PluginInit
QhxxnDztrvgwWzzwo
update

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ