e01f023cc029d23978b7cb170ffe1193_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e01f023cc029d23978b7cb170ffe1193_JaffaCakes118
Size

130KB
MD5

e01f023cc029d23978b7cb170ffe1193
SHA1

4f911be6841dea2cf3a34d0628e7a5d76c51931a
SHA256

4228e521f374319a69adc99a5c0655b3593448e7ace88e77023d903b8dd92692
SHA512

eef96b9f9a1d8c7ec55825f72135a3c0dba5849a60921a5fa460ff07c59dd2e57cae7d8979d65aa908a60738982eb3842d2b07fb1784b0fa1f6dd302d0ebaec4
SSDEEP

3072:ac9aaA47Hg1EkT4C/omgwQmIXomKMMiU1m9:2aA4EOA4C/omg2IXomKNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e01f023cc029d23978b7cb170ffe1193_JaffaCakes118

Files

e01f023cc029d23978b7cb170ffe1193_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2d665fb8ae6534c133dc05bd477b554d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen
LoadTypeLib

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceA
AdjustTokenPrivileges

ole32

CoRevokeClassObject
CoTaskMemFree
CoCreateInstance
CreateFileMoniker
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
GetRunningObjectTable
OleDuplicateData
OleFlushClipboard
OleSaveToStream
ReadClassStg
CoUninitialize

kernel32

lstrlenA
lstrcpyA
lstrcatA
SetEndOfFile
GetStartupInfoA
GetFileSize

Exports

Exports

Dle
Ekw
Ojs
Rld
Vwe
Xjo

Sections

.text
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ