8b6881782a8226a07cf27d769a764a1e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b6881782a8226a07cf27d769a764a1e_JaffaCakes118
Size

92KB
MD5

8b6881782a8226a07cf27d769a764a1e
SHA1

31a962978b14d94833cbb1dc8af62b1897d56286
SHA256

48e95306f1ac7645e3ae4f8fbbc4e9096848459606c3a4654602c62c7e9435fa
SHA512

52f743182df26a74fe1de80d20bb5596b7048443c9778889cd2482ebe8bf77f1d240d5fbd9a49e6c5d25c0b412dada6446eceb9de8258c07dd81975387848e05
SSDEEP

1536:xFtjdox+s1Sf0xMHB0bpAjhc3smCyGzTyENNIvbFMM0FmPbxu:HtGl1SWZbpAjU6PT3WMM0Fyg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b6881782a8226a07cf27d769a764a1e_JaffaCakes118

Files

8b6881782a8226a07cf27d769a764a1e_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b1a549eec284461ee9dc78964a7ea8ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

maanstner.pdb

Imports

kernel32

CreateHardLinkW
GetVersionExW
GetFileSizeEx
GetTimeFormatW
GetDateFormatW
GetLastError
FormatMessageW
GetCurrentProcess
GetCurrentThread
GetFullPathNameW
GetDiskFreeSpaceExW
GetSystemInfo
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
SetFilePointerEx
SetEndOfFile
DeleteFileW
GetModuleHandleW
GetProcAddress
CreateFileW
DeviceIoControl
CloseHandle
LocalFree
GetModuleHandleA

ole32

StringFromIID
CoTaskMemFree

user32

GetWindowLongA
FindWindowA

advapi32

OpenThreadToken
AdjustTokenPrivileges
OpenEventLogW
ReadEventLogW
LookupAccountSidW
CloseEventLog
LookupAccountNameW
RevertToSelf
CheckTokenMembership
AllocateAndInitializeSid
ImpersonateSelf
LookupPrivilegeValueW
OpenProcessToken

msvcrt

wcscpy
isalpha
calloc
printf
wprintf
towupper
swprintf
toupper
wcscat
wcsncat
wcslen
free
isdigit
malloc

Exports

Exports

crod

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ