d21981316542db4a9c25a876c14bf1fd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d21981316542db4a9c25a876c14bf1fd_JaffaCakes118
Size

64KB
MD5

d21981316542db4a9c25a876c14bf1fd
SHA1

17892c59abd989a562fc452c612f2645a001799a
SHA256

1d2287cdc593836ac7cfa953c898133cba8b37740667ef6895388b86e8ad1bd4
SHA512

60bade0cfb6bccd39fd4824a6e1b05cacb91e9c2cefcd4059b6268a22f9b2683529e2944d8dd6fe52f69b32bbdc2ddbbc73c0df599a600cd75dab35da1172334
SSDEEP

1536:hL4JgjL4aFC5xj3jxDVR4C6xn4ErdX+i8Kk:t46oaFE39f4f4G+J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d21981316542db4a9c25a876c14bf1fd_JaffaCakes118

Files

d21981316542db4a9c25a876c14bf1fd_JaffaCakes118
.dll windows:4 windows x86 arch:x86

458bff1331382dd6c181ffd6877ebe19

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ald.pdb

Imports

kernel32

OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapDestroy
GetProcessHeap
HeapFree
IsBadStringPtrA
Beep
HeapReAlloc
HeapAlloc

rpcrt4

NdrServerCall2
RpcStringFreeW
RpcServerInqBindings
RpcServerUseProtseqW
RpcAsyncCompleteCall
NdrAsyncServerCall
UuidFromStringW
RpcRevertToSelfEx

crypt32

CryptUnprotectData
CryptProtectData

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1B

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 418B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ