378bf97d4b7d06d6b300708f33d56a6a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

378bf97d4b7d06d6b300708f33d56a6a_JaffaCakes118
Size

176KB
MD5

378bf97d4b7d06d6b300708f33d56a6a
SHA1

df771bb219f274483612c546f584f560c888d8b9
SHA256

25d8b287b2547f8982330a27c1ca52ae83802fbc9b8cdd6f36af398352248651
SHA512

67860743d5e3511eb558c2793afd543d3e95ba4dbea5aae843c80e08d369bbbc807993ec167bf60b045ac2979bcac983955ca28b54cc45f9974b414bed05a647
SSDEEP

3072:VA38plXm0g37RT8ZxYDxFDbVWaK6vDNUiOlLCi+sbMw3w5sKJdQnoe:VAwlW0g3dYZxYvtWF6vDilmUb38sKfQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
378bf97d4b7d06d6b300708f33d56a6a_JaffaCakes118

Files

378bf97d4b7d06d6b300708f33d56a6a_JaffaCakes118
.dll windows:5 windows x86 arch:x86

42ce0a80ebcb65d413f944fb0ac07878

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcsncat
_ltow
wcslen

ntdll

NtClose
NtQuerySystemInformation
RtlInitUnicodeString
RtlNtStatusToDosError
NtQueryValueKey
NtOpenKey

winsta

WinStationQueryInformationW

utildll

StrConnectState

kernel32

lstrlenW
DisableThreadLibraryCalls
HeapCreate
HeapDestroy
HeapReAlloc
HeapFree
HeapAlloc

advapi32

DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegisterEventSourceW

Exports

Exports

CloseTSObject
CollectTSObjectData
OpenTSObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ