bfd0f71418c888e4c865745fce0d26a5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bfd0f71418c888e4c865745fce0d26a5_JaffaCakes118
Size

512KB
MD5

bfd0f71418c888e4c865745fce0d26a5
SHA1

4634263c93cb15ae01d59b87ce68f79f9cb4512a
SHA256

ee440bf5c62d22b8effe3d8996a9b1a939c03ecc8ea0445b2c979737babfd159
SHA512

076d1db649d6b9f1874d770dcc863f0e4183a6810928ee92a941c148e319f12946ada13ad54d5877eb6ba9a3309248d691cbd1c2923817153f832c74b17a4c4a
SSDEEP

1536:nM/TxSDOQVNdKtV0YXZ2tUAlflcMacOrEro:n+dSDtVviplwlcMeroo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bfd0f71418c888e4c865745fce0d26a5_JaffaCakes118

Files

bfd0f71418c888e4c865745fce0d26a5_JaffaCakes118
.dll windows:5 windows x86 arch:x86

362469e083597b6e2199132fdf2afac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
VirtualProtect
GetModuleHandleA
ExitProcess
ExitThread
GetStartupInfoA
GetModuleFileNameA

advapi32

DuplicateToken
ImpersonateNamedPipeClient

Exports

Exports

CloseNdpyyuew
Poistuhh
Qvbjtbrd
IsAiddtogx

Sections

.text
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ldata2
Size: 512B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enull
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ