e2131cb2f12fcd92b8476eeb70f23bad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2131cb2f12fcd92b8476eeb70f23bad_JaffaCakes118
Size

139KB
MD5

e2131cb2f12fcd92b8476eeb70f23bad
SHA1

943d9bff4cf2cb5f64885969ac0964286ff30117
SHA256

395de992f8969788e8f63351fbe07698768efa3b433ad364d7630709698c2164
SHA512

c5ac9f19f1248e30538c8375162507bd29d70643d159d38e61774186f2793df1cc582bfb9a815416ed3ebac29b259149ea8bade0d5e98bbbfc4370e62f655d54
SSDEEP

3072:UcnQDZdjPyN4cluLFkFk1tSAj3FKtQUOExIpzqP/Hm22GBo2:0P24clCFkF2SApKQsszqPvYq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2131cb2f12fcd92b8476eeb70f23bad_JaffaCakes118

Files

e2131cb2f12fcd92b8476eeb70f23bad_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d8eba187e561b5163f25d1a71ffaeafb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

NtClose

basesrv

BaseSetProcessCreateNotify
BaseSrvNlsLogon
BaseSrvNlsUpdateRegistryCache
ServerDllInitialization

Exports

Exports

BaseSetProcessCreateNotify
BaseSrvNlsLogon
BaseSrvNlsUpdateRegistryCache
ServerDllInitialization

Sections

.text
Size: 137KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ