5ee8e7194f53bd0672760c996dfffe70_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5ee8e7194f53bd0672760c996dfffe70_JaffaCakes118
Size

124KB
MD5

5ee8e7194f53bd0672760c996dfffe70
SHA1

f61c0aa07941cc5756a2884d9e471649dca9c253
SHA256

9a60466dc8fa4ec813594850b4eeacb9bb412ac7678d9d744f8e2783f4065b1b
SHA512

e19c210955d9e7930004c6d3394a4240e88a256d45c921b82d545ffd45d90b5a9b0e249df67e46d7638eb5f50071132b5d812c68947fcaefdeb1e8a1ecf82e29
SSDEEP

3072:wirSTcsqDOQW+ipdjMNHV9NUCKMMiU1m9:wJgL6ppMN19NUCKNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ee8e7194f53bd0672760c996dfffe70_JaffaCakes118

Files

5ee8e7194f53bd0672760c996dfffe70_JaffaCakes118
.dll windows:4 windows x86 arch:x86

96101f1d4d511d5d0c6029d705346c9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen

advapi32

QueryServiceStatus
CloseServiceHandle
CreateServiceA
DeleteService
OpenProcessToken
OpenServiceA
SetSecurityDescriptorDacl
AdjustTokenPrivileges

ole32

CoUninitialize
CoTaskMemRealloc
CoRegisterClassObject
CLSIDFromProgID
CLSIDFromString
CoCreateInstance

kernel32

lstrcpynA
lstrcmpiA
VirtualFree
TlsSetValue
LoadResource
HeapAlloc
GetSystemTimeAsFileTime
GetLocalTime
GetFileSize
FindResourceA
ExitThread
EnumResourceLanguagesW
EnumResourceLanguagesA
CloseHandle
RtlUnwind

Exports

Exports

Gtq
Inz
Jya
Qem
Tlw
Xsr

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ