d38795a99f955c077fc02117c702d956_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d38795a99f955c077fc02117c702d956_JaffaCakes118
Size

46KB
MD5

d38795a99f955c077fc02117c702d956
SHA1

f3d799796ccdbb607f6ec941cf9f8012864de728
SHA256

a071d5f9042912b9085fc67a741083aeca99efc479955dac7246cbd102006a5d
SHA512

6a0ac239557944b27480c4e84b1b5f3973dfd5ddbfc86a76f7b0b8483195b3b715a66cbdc91b905ba983973c50d1c38f12e5cba3fdc44d4e6adc22afece51211
SSDEEP

768:eN6AGJoEL9lprTUkySmnFNf9CwfPXaf181GHjwGpFJ1Xaf181GHjwGpFJ:eN6dt1TefFnda988DwGvJta988DwGvJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d38795a99f955c077fc02117c702d956_JaffaCakes118

Files

d38795a99f955c077fc02117c702d956_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ca6769ed9d55efda76b4ebb58503c894

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileA
DeleteFileA
GetFileAttributesA
GetSystemTime
GetSystemDirectoryA
FindClose
CloseHandle
lstrcmpA
FindFirstFileA
GetStringTypeExA
GetThreadLocale
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleHandleA
WideCharToMultiByte
InterlockedDecrement
lstrlenW
InterlockedIncrement
GetVersionExA
lstrlenA
HeapFree
GetProcessHeap
FindNextFileA
HeapAlloc

advapi32

LsaAddAccountRights
LsaClose
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CreateWellKnownSid
OpenSCManagerA
OpenServiceA
ChangeServiceConfigA
CloseServiceHandle
LsaOpenPolicy

user32

LoadStringW
LoadStringA
CharLowerA
wvsprintfA
CharNextA

Sections

.data
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ