da467a1f6a0a8ac379a2b1723aa8f848_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da467a1f6a0a8ac379a2b1723aa8f848_JaffaCakes118
Size

52KB
MD5

da467a1f6a0a8ac379a2b1723aa8f848
SHA1

1c92451ef8dc1f4da7459e168bc98d255a7477d0
SHA256

ac54c1cb93415c819b7febcb33562eda20704a1d0e22f94bc5b4e5172b8cc256
SHA512

812931f0f4125fd8594f13a5be48c58e20a04e877454548ef76049f0a0ad5b136f22ad0f9643f40223356475dffae912410b500aefc0e3dedc167a897eb2e1d0
SSDEEP

768:Zy0HI/1w4SPjAWNxjYYbOuEwYVIG1uuosBZhTqN06Jya/4KwB/0KU5QYGfBkfbzB:d4qsWNxTOuyIuZ3T6JyxKdHZzL1Ykxhf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da467a1f6a0a8ac379a2b1723aa8f848_JaffaCakes118

Files

da467a1f6a0a8ac379a2b1723aa8f848_JaffaCakes118
.dll windows:5 windows x86 arch:x86

4b8a243b8db6f4953491c0ead7fc857b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcr90

atoi

ole32

CoFileTimeNow

user32

GetDC

gdi32

Escape

shell32

SHGetMalloc

advapi32

FreeSid

mso

ord9525

Exports

Exports

ImportAccounts
ImportMailAndAddresses
MigrateAccountEx
MigrateOMIAccountsEx
SilentImport

Sections

.MPRESS1
Size: 45KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE