6fde281cdc5f514f1251d52893c4e676_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6fde281cdc5f514f1251d52893c4e676_JaffaCakes118
Size

39KB
MD5

6fde281cdc5f514f1251d52893c4e676
SHA1

87357e4999fe1c17310877940ffbf9a5cd5e6eb1
SHA256

8bb3a391dfc51597072dd985e585f958cb3c7d37c08ba0dc1d450595a8365b49
SHA512

331d70e4d75549519282ff48bd4012354ceb9f271121e833ee2ac433da17f044f42202cc1d71fb3fe996c3153bb1ca134f471d02f8cd3da8edd8b3a220d8c460
SSDEEP

768:nK+/hfqHsfgtSlkPT803f5AiM2SLiauvTVMdvdwr5K20:fZSH2gtHX3feR2SL4bSdwFb0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fde281cdc5f514f1251d52893c4e676_JaffaCakes118

Files

6fde281cdc5f514f1251d52893c4e676_JaffaCakes118
.dll windows:5 windows x86 arch:x86

0ee81b429ffad2464b567f3456f2a548

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
FindResourceA
SizeofResource
LoadResource
VirtualAlloc
LockResource
FindAtomA
GetModuleHandleA
AddAtomA
GetProcAddress
FreeResource

user32

UnionRect
WinHelpA
UnregisterClassA
ValidateRgn
VkKeyScanA

advapi32

CryptGetProvParam
RegEnumKeyExA
RegReplaceKeyA
CryptGetKeyParam
CryptGenKey
CryptSetHashParam
CryptHashSessionKey
CryptSetKeyParam
CryptExportKey

Exports

Exports

cfawlwpl
yelghwutf

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ