3b441eeb1a664b1900f7d27946649e24_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b441eeb1a664b1900f7d27946649e24_JaffaCakes118
Size

372KB
MD5

3b441eeb1a664b1900f7d27946649e24
SHA1

4f6317bca1f7fc09530fd96f094e2165f49cf595
SHA256

e8897fb1d010e1ce2b6b82375a71d64093413fb3c9c1a6e641a90482a1ffcc2b
SHA512

7cdd65c0266b6f2e3e6954edbcfe3fd381eda70edc11449bb10d0ecf48b78dd2581cf7234550c450d0a4b436431c2f1aa44bdd41e4f8a011a0d0fa0dfac0807f
SSDEEP

6144:ETaCwmX03GnEReXhainKS5VlaWVBUkwKG3BtFyGoxJy2N4KF93VVddXESkGTjlyp:HmX03GnERGairl/RFqXkRmElVdxpkGlS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b441eeb1a664b1900f7d27946649e24_JaffaCakes118

Files

3b441eeb1a664b1900f7d27946649e24_JaffaCakes118
.exe windows:4 windows x86 arch:x86

61e4c5d43365e917bd3d62184f0432dd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetDfsMove

oleaut32

VariantCopy

ntdll

RtlAddAccessAllowedAceEx
NtAllocateVirtualMemory
RtlAdjustPrivilege

kernel32

GetStartupInfoA

msvcrt

_adjust_fdiv
malloc
free
_initterm

rpcrt4

NdrDllRegisterProxy
NdrStubCall2
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrOleFree
NdrDllCanUnloadNow
NdrDllUnregisterProxy
NdrCStdStubBuffer2_Release
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
RpcStringFreeW

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 91KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ