40efd1bc76b3b1c19e071685a8564a88_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40efd1bc76b3b1c19e071685a8564a88_JaffaCakes118
Size

88KB
MD5

40efd1bc76b3b1c19e071685a8564a88
SHA1

b04e9103c5be9dff5b8e7f270c2171805a797398
SHA256

e526a51c64108f295d966f7aab9ee62e66474499eb238b815a7fd20b8f0751db
SHA512

0a63b5a926ab6a017f7d0855d284709f5cf3f826a130fbb8c4888ef08c7cf4c4b9cb134f959175c45141c2a9057f9fe73a8d51c1fe211815b176dea25772ca50
SSDEEP

1536:1AgIffBXZDabDI3mLok9ZaC+fFK+0XkAgeLGedyGjEEC:1A5JX0b03mkgaC+tK+0Madv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40efd1bc76b3b1c19e071685a8564a88_JaffaCakes118

Files

40efd1bc76b3b1c19e071685a8564a88_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b1a549eec284461ee9dc78964a7ea8ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

recuihieva.pdb

Imports

kernel32

CreateHardLinkW
GetVersionExW
GetFileSizeEx
GetTimeFormatW
GetDateFormatW
GetLastError
FormatMessageW
GetCurrentProcess
GetCurrentThread
GetFullPathNameW
GetDiskFreeSpaceExW
GetSystemInfo
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
SetFilePointerEx
SetEndOfFile
DeleteFileW
GetModuleHandleW
GetProcAddress
CreateFileW
DeviceIoControl
CloseHandle
LocalFree
GetModuleHandleA

ole32

StringFromIID
CoTaskMemFree

user32

GetWindowLongA
FindWindowA

advapi32

OpenThreadToken
AdjustTokenPrivileges
OpenEventLogW
ReadEventLogW
LookupAccountSidW
CloseEventLog
LookupAccountNameW
RevertToSelf
CheckTokenMembership
AllocateAndInitializeSid
ImpersonateSelf
LookupPrivilegeValueW
OpenProcessToken

msvcrt

wcscpy
isalpha
calloc
printf
wprintf
towupper
swprintf
toupper
wcscat
wcsncat
wcslen
free
isdigit
malloc

Exports

Exports

hhtlawh

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ