3646c8d560d1476e5a032349ab7a6697_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3646c8d560d1476e5a032349ab7a6697_JaffaCakes118
Size

30KB
MD5

3646c8d560d1476e5a032349ab7a6697
SHA1

0cc061659f559aad9543a38634cc1df177c21397
SHA256

10609942489d0f422a5dd50f22b07b88941319e29b1fd3b7b00f5ae119989bca
SHA512

6c403f09d37656a50cc4d3d2bb81d9dbcebf66b61cee77051b6ca08ac4d8024bb32d81b1ee364f62d0409b2f0e361b7f36397a70d048989420babcdb6e38cbce
SSDEEP

768:/OqiDR6u6lB7j7DPOw4OKk+67IH6Jh8V:RiDRVW/R2b6kH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3646c8d560d1476e5a032349ab7a6697_JaffaCakes118

Files

3646c8d560d1476e5a032349ab7a6697_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0e1627bd7b992689084fc1cc205e5cb2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

gdi32

GetCurrentObject

msvcrt

_adjust_fdiv

advapi32

LookupPrivilegeValueA

user32

SetProcessWindowStation

wininet

InternetCloseHandle

mswsock

TransmitFile

ws2_32

connect

shell32

ShellExecuteA

ole32

CreateStreamOnHGlobal

avicap32

capGetDriverDescriptionA

shlwapi

StrRChrA

psapi

GetModuleFileNameExA

Exports

Exports

LoadProfile
ServiceMain
TestFunc

Sections

pec1
Size: 15KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec2
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pec3
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pec
Size: 1KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE