366b240b5216be511f18116097fb7ea4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

366b240b5216be511f18116097fb7ea4_JaffaCakes118
Size

88KB
MD5

366b240b5216be511f18116097fb7ea4
SHA1

184371c47ad5d5830098e8a171cce254833050bd
SHA256

9b200d538e931ed585662deb08e63af033e7e62ca59df45ed31d45c7255d1649
SHA512

8edcb9fe439fb77d3797073ea11b65cb66f55bb6ebcae431cfb53acebed9188386f47ba7422083917b1e6ec2863c48e116f8ac09765878ef899278e203800d7b
SSDEEP

1536:PLdGbBoJ4dpOXZjH3quHYQy+AzMYgay1nPRAlMd2oilDfc+Cel1KCC:PLdMdpOXJ3qYezMBnelMKR0+CE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
366b240b5216be511f18116097fb7ea4_JaffaCakes118

Files

366b240b5216be511f18116097fb7ea4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1c2d42a4e533f3c86f1f4597355c880c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenGroups
CloseEventLog
CryptGetHashParam
CryptSetHashParam
DeleteAce
DuplicateToken

kernel32

WinExec
ExitProcess
TerminateThread

msvcrt

_chkesp
_ctype
_eof
_except_handler2
_CIacos

Exports

Exports

CanDoSilent
GetMD5File
GetMD5Random
GetMD5String
GetMachineKey
KillProc
KillSelf
MutexCheck
MutexWait
eula_show
http_get
rc4hex_decode
rc4hex_encode
sft

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE