d1b9853f52fdcca9c5a980b4631af83a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d1b9853f52fdcca9c5a980b4631af83a_JaffaCakes118
Size

127KB
MD5

d1b9853f52fdcca9c5a980b4631af83a
SHA1

c58ae57403a0f0fbb61f0c86f0c6bade8af275eb
SHA256

858a9af6d75690e02e4d15bbb511c8f5680454e1f65de264b959de4416a34289
SHA512

beab3c2b716da97a019820669117562c8f20f83936d88ea5f06c7797f552b392935d162f46e28ff3d32f40e9ff95b25a3a9696ff6554c29785cdac623809282e
SSDEEP

3072:/8oVydhbJLjiXb+acSe7+BtsWoUf9zWzG43T0M3OL5PFn0wcccccccc:/cj52X9e7+BtsWoU14l0M30PFn0wcccU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1b9853f52fdcca9c5a980b4631af83a_JaffaCakes118

Files

d1b9853f52fdcca9c5a980b4631af83a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a3e9f702578a90658236b98431d2410f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
EnumResourceLanguagesA
EnumResourceLanguagesW
ExitProcess
ExitThread
FreeResource
GetACP
GetCommandLineA
GetLocalTime
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetStartupInfoA
GetSystemTime
GetTimeFormatA
HeapAlloc
ReadFile
RtlUnwind
SetCurrentDirectoryA
SetEndOfFile
SetLastError
SetUnhandledExceptionFilter
TlsFree
VirtualAlloc
VirtualFree
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ntdll

RtlNtStatusToDosError
RtlLeaveCriticalSection
LdrLoadDll
NtCreateSection
RtlEnterCriticalSection
RtlInitString
RtlInitializeCriticalSectionAndSpinCount
RtlInitUnicodeString

rpcrt4

NdrSimpleTypeUnmarshall
NdrAsyncServerCall
RpcServerUseProtseqEpExA

crtdll

wcstok
tolower
puts
asin
_strupr
_strdup
_stat
_mkdir
_ismbclegal
fprintf

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ