ef89ef20a29c851bd7e5ce088777f27f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ef89ef20a29c851bd7e5ce088777f27f_JaffaCakes118
Size

49KB
MD5

ef89ef20a29c851bd7e5ce088777f27f
SHA1

aa51731a725e035943505629245134fc42b11083
SHA256

0c4a176a0d9efbae5a33de95b7a657638c148de1ce50ce29ebf22b0fa007d340
SHA512

02e6ccc44b0a55fa99bb2ac0000a9352863f8ad97c5ba3d1ec14984a54457b93fb583990bf0210d1c8d4d2283713f92fbcf015f49317e2eca7b3f6880b0f66bc
SSDEEP

768:7r7PB6tuzclCjCXttgctslQv04cyqXeHiAHjHhbBo0q3GgfvZHRA3Gqz6pB:7rjB5zcCaPICpimrroX3GgfBxu2B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/local/en/Common/CommonRes.dll

Files

ef89ef20a29c851bd7e5ce088777f27f_JaffaCakes118
.cab
local/en/Common/CommonRes.dll
.dll windows:5 windows x86 arch:x86

827a6f2d67aaa97fcb4e8dd719f39d48

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\TWRK\cb0a43bc345bd116\Client\Source\Staging\MPP\UnicodeRelease\PDB\CommonRes.pdb

Imports

msvcr120

__dllonexit
_onexit
__clean_type_info_names_internal
_calloc_crt
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_unlock
_lock
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
_except_handler4_common
__CppXcptFilter

kernel32

IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer
IsProcessorFeaturePresent

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ