bf1a01871f3efc466bf8b661f534f531_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf1a01871f3efc466bf8b661f534f531_JaffaCakes118
Size

360KB
MD5

bf1a01871f3efc466bf8b661f534f531
SHA1

42b8007f3c661df822dad280b033707688ac1478
SHA256

d504971438d066da36cef2446be49284cdf54816121bc7e8095d25ae8140b577
SHA512

722c5c393ae38b89edd188344bbc70ad45f8b38b463687a2be2e7e945301d6adb8379aad599a3ed2b4b03c9600dc0d5cfb4e6f6ba86ae681f61d67eb98e3fa83
SSDEEP

6144:+bSXsfyJCHjxeJoIAbDe8Yyhzm2eKboQw0tnOxW+qq7mlZ:gSXu/PbDvPh6d9snOxrq/Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf1a01871f3efc466bf8b661f534f531_JaffaCakes118

Files

bf1a01871f3efc466bf8b661f534f531_JaffaCakes118
.dll windows:4 windows x86 arch:x86

458bff1331382dd6c181ffd6877ebe19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ald.pdb

Imports

kernel32

OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapDestroy
GetProcessHeap
HeapFree
IsBadStringPtrA
Beep
HeapReAlloc
HeapAlloc

rpcrt4

NdrServerCall2
RpcStringFreeW
RpcServerInqBindings
RpcServerUseProtseqW
RpcAsyncCompleteCall
NdrAsyncServerCall
UuidFromStringW
RpcRevertToSelfEx

crypt32

CryptUnprotectData
CryptProtectData

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 316KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1B

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ