67f3ce2ea13a0e442946878d93be50ce_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

67f3ce2ea13a0e442946878d93be50ce_JaffaCakes118
Size

116KB
MD5

67f3ce2ea13a0e442946878d93be50ce
SHA1

d4ae7ada80f96955b76c9072a895389bf3ad7341
SHA256

cf161961a54c816f0f9571e352eab6844e95e5ca93b08eb9b3c6519e8c014f61
SHA512

08790e9c5d79c1310aa36da64f6b3271974a84670b8775817e04987f9e44be4145427698cc2c7842a8922830d96fe313467ce1a8916fa9f24a6224fbf7aff902
SSDEEP

3072:bwoUXui1G+PigVwIaexEY39LMKhnJSVhqMGk8Pmd:bwbuePVVwhk1tgAn4hqL0d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67f3ce2ea13a0e442946878d93be50ce_JaffaCakes118

Files

67f3ce2ea13a0e442946878d93be50ce_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3dad780c8df6d122f23d97838f3f3b95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

ZwQuerySystemInformation
ZwClose
RtlAdjustPrivilege
_snprintf
RtlRandomEx
_wcsicmp
_stricmp
RtlInitUnicodeString
ZwImpersonateThread
_snwprintf
ZwLoadDriver
ZwOpenThread
memset
memcpy
_chkstk

shlwapi

PathFindFileNameA
SHDeleteKeyA

kernel32

DeleteFileA
CloseHandle
GetVersionExA
CreateFileA
CreateMutexA
GetModuleHandleA
GetModuleFileNameA
GetLocalTime
GetTempFileNameA
Sleep
DisableThreadLibraryCalls
CreateThread
GetTickCount
VirtualFree
GetProcAddress
WriteFile
VirtualAlloc

advapi32

RegOpenKeyA
RegCreateKeyA
RegSetValueExA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE