acd3140660a84e64cfce4fe992e1a827_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

acd3140660a84e64cfce4fe992e1a827_JaffaCakes118
Size

118KB
MD5

acd3140660a84e64cfce4fe992e1a827
SHA1

7d80468004c53dbd3aeaf2105b9b2c2e5ea1550e
SHA256

3131db0483316812d0ab83afff38a6217e02a98ff2444c25ac02ec9677cbdd46
SHA512

e2ce17df17e9edbc0f203de9a17e20b34ec1caa7b410935772ff1e424a35f18cc2fd7d4ce3b22df35a56947180017c1fa2d61b8d1618447ffa7796c3e62d3d79
SSDEEP

1536:xj4P8to5ZkxSHrC8unb58BlX2RhdV0TJHY6eCkiMr9r72/tBRkDKKkznRvS3NYsu:xjZJxSLWnb6x4kJHY69ei0mRebk7T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acd3140660a84e64cfce4fe992e1a827_JaffaCakes118

Files

acd3140660a84e64cfce4fe992e1a827_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4194c731a9053e6f8911cf6ef8909002

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
VirtualAlloc
lstrcmpiA
GetCurrentProcess
LoadLibraryA
IsBadReadPtr
GetProcAddress
SizeofResource
CancelTimerQueueTimer
AttachConsole
CompareStringW
TerminateProcess
EnumResourceTypesW

user32

SetPropA
IsCharLowerA
RedrawWindow

gdi32

ExtFloodFill
EnumObjects
CombineTransform

advapi32

LsaFreeMemory
GetServiceDisplayNameA

Exports

Exports

kmpugptyz
xseggjhzbcrdf
xznrxlwd

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ