40407f65dc3635980e664e76a839cba9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40407f65dc3635980e664e76a839cba9_JaffaCakes118
Size

135KB
MD5

40407f65dc3635980e664e76a839cba9
SHA1

d2d92a29635d6d37a170d8589db69c2c8ce34fe7
SHA256

97820acea6c9e45b08abed89585b7ea6c71ea59335806d99e20076757595fc11
SHA512

580f3341ecfc313af40c9cfbab338b14fe28881ba3fea1af412f81ac1605a645d5e86ec84e4cabce3212783282163ded90e35a611cce1fe099a7644e0dd79244
SSDEEP

3072:D33TTPt4MCjBvj3cGKRAOl6kIOuNXv7V8ZIP6nTIjQYXx7r:D33Txx2lXCl6kif6OCTGx7r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40407f65dc3635980e664e76a839cba9_JaffaCakes118

Files

40407f65dc3635980e664e76a839cba9_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a3010ce9b735b359bc5bef993637f70c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

urlmon

URLDownloadToFileW

version

VerQueryValueW

advapi32

QueryServiceStatus

shell32

SHCreateDirectoryExW

ole32

CoSetProxyBlanket

oleaut32

SysStringLen

shlwapi

PathRemoveBackslashW

wininet

InternetOpenW

Exports

Exports

CheckCriteria

Sections

.text
Size: 125KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE