37593ad38d698d3c11c931fb5a0ea5e3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

37593ad38d698d3c11c931fb5a0ea5e3_JaffaCakes118
Size

73KB
MD5

37593ad38d698d3c11c931fb5a0ea5e3
SHA1

6a3123ff984c89a0527557476f2f36eadbb74f6f
SHA256

17bb92e8a364b4ef9579e1e16b2fae3d93aea8711a8ec8b43e9c1ff68ef69b76
SHA512

f892498b18b311aa91b07e01b3626619dfbee181c05eafadce80b1941e746205e71ff6aec4b9f73eace382350ccca7ad1154b36fcf4b04e502bc33a77421b823
SSDEEP

1536:pcMzlTtw2ezZihO3BSDEHZMwOHZaZAFRzmm4h9J/MD6LdLtg:pcGPeliE3cxwOHAZAFRzmm47l+6jg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37593ad38d698d3c11c931fb5a0ea5e3_JaffaCakes118

Files

37593ad38d698d3c11c931fb5a0ea5e3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

10155c15be5c3933837e4dca810c4db4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
GetCommandLineA
GetModuleHandleA
GetVersionExA
HeapAlloc
HeapCreate
MultiByteToWideChar
SetLastError
lstrcmpiA
lstrcpyA

advapi32

AllocateAndInitializeSid
DeleteService
ElfBackupEventLogFileA
GetSidSubAuthority
LsaEnumeratePrivileges
LsaQueryInformationPolicy
NotifyChangeEventLog
OpenProcessToken
RegQueryValueExW
RegSetValueExW

ole32

CoCreateGuid
CoCreateInstance
CreateAntiMoniker
IsEqualGUID
StringFromGUID2
CLSIDFromString

setupapi

SetupRemoveInstallSectionFromDiskSpaceListW

olepro32

OleTranslateColor
OleCreateFontIndirect
OleCreatePropertyFrame
OleLoadPicture

user32

UnregisterHotKey
SystemParametersInfoW

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ