c00935f3bda9729eb9be26bcfcad7959_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c00935f3bda9729eb9be26bcfcad7959_JaffaCakes118
Size

294KB
MD5

c00935f3bda9729eb9be26bcfcad7959
SHA1

ed6fae3b7f1f4fda9fdcc88a977f1a64392dfdcf
SHA256

922855716e20ebd8bbdcfb2b8e27dc85a5c01a8771f772537b61051d343d4fd8
SHA512

78c3f67790c93b0b24ce799bc9e2b996502b005a8d2b6a070d339e74646063a1e2edead956c863bfe3d6cf67bc85287571d1f76f5eb8c9471a42f058e92bb9b7
SSDEEP

6144:j+LJJb+rQzGbZgInax8sqmhFZqOIsQF7WWZVfQ/nQqqBLVVbKNP:j68r0GBax8sfI1B73fQ/nOa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c00935f3bda9729eb9be26bcfcad7959_JaffaCakes118

Files

c00935f3bda9729eb9be26bcfcad7959_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2d665fb8ae6534c133dc05bd477b554d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen
LoadTypeLib

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceA
AdjustTokenPrivileges

ole32

CoRevokeClassObject
CoTaskMemFree
CoCreateInstance
CreateFileMoniker
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
GetRunningObjectTable
OleDuplicateData
OleFlushClipboard
OleSaveToStream
ReadClassStg
CoUninitialize

kernel32

lstrlenA
lstrcpyA
lstrcatA
SetEndOfFile
GetStartupInfoA
GetFileSize

Exports

Exports

Dle
Ekw
Ojs
Rld
Vwe
Xjo

Sections

.text
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 177KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ