68819d4067b07757ca45c71e2602e000_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68819d4067b07757ca45c71e2602e000_JaffaCakes118
Size

245KB
MD5

68819d4067b07757ca45c71e2602e000
SHA1

8259f41bcc866f691d6f2dafd5e82bc1132ae8b1
SHA256

e070b94c51a517e97624e8dfa31c7cced10ba632c01dd0ddb71f8347e69473d9
SHA512

49899af93ae26728709ef5d74033386b8759cbaab34fef3bbd74c3dd5f27c64e2c978fe2b2b881f21e92aa102f4b9ea822dd4547ed7901d9dd8c3c65d881bea7
SSDEEP

6144:qiv/+OKRcMWWVXnCgbKRzAUyTtX5OjfstALcxFQP:qiv7fMPnbWEUCIaALcfs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68819d4067b07757ca45c71e2602e000_JaffaCakes118

Files

68819d4067b07757ca45c71e2602e000_JaffaCakes118
.dll windows:4 windows x86 arch:x86

807492fac41ed8c1247d6bf9a0231903

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter

kernel32

CopyFileExW
HeapFree
HeapAlloc
lstrcmpi
GetProcessHeap
RtlUnwind
HeapValidate
IsBadReadPtr
RaiseException
ExitProcess
VirtualProtect
VirtualAlloc

oleaut32

DispGetIDsOfNames
DispGetIDsOfNames
VarUI1FromDec
CreateErrorInfo
SafeArrayAllocDescriptorEx
GetActiveObject
VariantInit
SysFreeString

Sections

.text
Size: 133KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ