6f2647bb0a9829c524232a61400c608e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6f2647bb0a9829c524232a61400c608e_JaffaCakes118
Size

298KB
MD5

6f2647bb0a9829c524232a61400c608e
SHA1

ce3fa5f6282365ffd2f28ef4c10be28a7097542f
SHA256

f752c5ebdd2ae0b071135cd55738dc72d00bddbaee96d0ad65165a6398039a79
SHA512

682be3984b989f7abff4a83c9c2ea9815d787cac5f84516e3b2300dce1e6365eb537cbe67c1548e1bfd6d2502eb0c52a3377b9ea70fcf02b0a5b93ddd5b29a10
SSDEEP

6144:kVOFQnjnr2BP+5iEZR6o404ETr5bOw4NOZuvLgArtBEMDmY7:kVVjrdQ0oou2Ow+L6Y7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f2647bb0a9829c524232a61400c608e_JaffaCakes118

Files

6f2647bb0a9829c524232a61400c608e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9eb46d8aa503d24f720ca7ed4a8c3fff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DispatchMessageA
DialogBoxParamA
DestroyIcon
DestroyCursor
DeleteMenu
DefDlgProcA
CreateIconFromResourceEx
CreateIcon
CopyRect
CharPrevA

kernel32

GetTimeFormatA
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
WriteFile
VirtualFree
VirtualAlloc
TlsGetValue
SleepEx
CompareStringA
EnterCriticalSection
EnumResourceNamesA
FlushFileBuffers
GetCommandLineA
GetDateFormatA
GetStartupInfoA
GetVersion
LeaveCriticalSection
MapViewOfFile
OpenFile
ReadFile
RtlUnwind
Sleep

Exports

Exports

DllCanUnloadNow
DllGetClassObject
InitSecurityInterfaceW
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUser
LsaApLogonUserEx
SpInitialize
c
f
o
s

Sections

.text
Size: 56KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 238KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ