4c254e3090eedcf00df7f6be67173c46_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c254e3090eedcf00df7f6be67173c46_JaffaCakes118
Size

127KB
MD5

4c254e3090eedcf00df7f6be67173c46
SHA1

638248a89b2f9f680fe86842c3483a4db61a9357
SHA256

f882173fe7f23e89c63a9844cfc17d7fc35523fcf1c0c6c7498dbb8b4c6cccc1
SHA512

c8f276e5526368fb84fa77f4cf21d4567a02d996c68a4d73e473a35580f5294f415d2b2c015d12185557492e09213a047981a46375d6be9fd85b99f8a2341158
SSDEEP

3072:0lmsLxb2swNpKe0nyzu/5QHDFz2P0KMMiU1m9:0lmstw8kuyMP0KNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4c254e3090eedcf00df7f6be67173c46_JaffaCakes118

Files

4c254e3090eedcf00df7f6be67173c46_JaffaCakes118
.dll windows:4 windows x86 arch:x86

96101f1d4d511d5d0c6029d705346c9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen

advapi32

QueryServiceStatus
CloseServiceHandle
CreateServiceA
DeleteService
OpenProcessToken
OpenServiceA
SetSecurityDescriptorDacl
AdjustTokenPrivileges

ole32

CoUninitialize
CoTaskMemRealloc
CoRegisterClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance

kernel32

lstrcpynA
lstrcmpiA
VirtualFree
TlsSetValue
LoadResource
HeapAlloc
GetSystemTimeAsFileTime
GetLocalTime
GetFileSize
FindResourceA
ExitThread
EnumResourceLanguagesW
EnumResourceLanguagesA
CloseHandle
RtlUnwind

Exports

Exports

Gtq
Inz
Jya
Qem
Tlw
Xsr

Sections

.text
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ