619cd7ff452c67afe7f8482e0d498207_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

619cd7ff452c67afe7f8482e0d498207_JaffaCakes118
Size

572KB
MD5

619cd7ff452c67afe7f8482e0d498207
SHA1

9d371dc3df71df08f8eb9f9fefcff785c663e1d3
SHA256

6cfffc9e8b63bd6d8d5bf4e278b79aea7e89ff5ae696c4a86325b7057afb90f0
SHA512

e33a0c01c93ab2bf6a9c268c53a0800f9f1811c2c9af23ced12ef767cc95226f97d7aea10c131b5a0b9041ee27b9e3309f7a7a0324ddbf1d7ec3c683e91819e7
SSDEEP

6144:kwZ9XsawhfvgJK0wde+MbQC/n+LqJuGKBPGa8iafr+AlAW9i66DPizg1hFFFOOUP:vZCFFqv+LGKBPNe+AlA7fqUFAhmL+BRd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sample

Files

619cd7ff452c67afe7f8482e0d498207_JaffaCakes118
.bz2
sample
.dll windows:4 windows x86 arch:x86

49069519ca7d08deebaf58097b71f9ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetSystemMetrics

gdi32

DeleteObject

advapi32

RegSetValueExA

wsock32

WSACleanup

psapi

EnumProcesses

gdiplus

GdipDisposeImage

crypt32

CryptDecodeObject

rpcrt4

UuidCreateSequential

Exports

Exports

_DllMain@12

Sections

........
Size: 569KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

........
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE