6fc0d7f50993caf55bd7715a4c3f81a0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fc0d7f50993caf55bd7715a4c3f81a0_JaffaCakes118
Size

976KB
MD5

6fc0d7f50993caf55bd7715a4c3f81a0
SHA1

79c92bfb0fe6e2106312d5030afcc0afbaa324a9
SHA256

c0b09f169d644716ebf4db1124cb80c25d5944768e08c79c2164154f0ad955e8
SHA512

ad30bb561211bb5d072bf0bf4f65126a242d7aed20e344786414e9c2939f978bbd5be168e6fd1c3b4ea6d953210e5a5169ea46d93f8dc97b4f5a6929a28b6c39
SSDEEP

12288:1B6vEDN/Z2I19Qg0twFEIs1xIObHZWpCgs+N0nElsiPtwZRgYmvn4p:ivEDN/ZgDit98ZWsYN0nEG+M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fc0d7f50993caf55bd7715a4c3f81a0_JaffaCakes118

Files

6fc0d7f50993caf55bd7715a4c3f81a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53575fb5747015609d2469cc87e70642

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ald.pdb

Imports

kernel32

HeapReAlloc
HeapDestroy
OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
LoadLibraryA

rpcrt4

RpcStringBindingParseW
RpcBindingVectorFree
RpcBindingToStringBindingW
RpcEpUnregister
RpcEpRegisterW
RpcServerListen
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcImpersonateClient
UuidCreate
UuidToStringW
RpcMgmtStopServerListening
RpcAsyncAbortCall

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 948KB - Virtual size: 945KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ