fa78b747228098c809823658bcb287ab_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fa78b747228098c809823658bcb287ab_JaffaCakes118
Size

18KB
MD5

fa78b747228098c809823658bcb287ab
SHA1

78b834c419195ef2e9ef7affe17ae9921025e487
SHA256

f2bebd7dd3aa11c65ede5bd9cdcc14d45ebb6d472021282e3ec4010440fa5363
SHA512

621d6a7cf4a2010def664220449875b06044a23edab27db8dbc4a359e6490a3a6f1526b5bafccef8dec02c3cf003f22fbe82120562409383ac1a41130671fe80
SSDEEP

384:wshVGXzbko4s68V9HSzSZCEcN5aQBZ94G4t27eERobwTj7vvxlLmWadxn8W:ws986w9xcvjBZ94pt4eEGw7Dk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa78b747228098c809823658bcb287ab_JaffaCakes118

Files

fa78b747228098c809823658bcb287ab_JaffaCakes118
.dll windows:5 windows x86 arch:x86

9a760097de574cb4692d18f7ff9e5c13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

NtQueryInformationProcess

ole32

CoUninitialize

oleaut32

SysStringLen

advapi32

EqualSid

winsta

WinStationSetInformationA

rpcrt4

I_RpcBindingInqLocalClientPID

Exports

Exports

ServiceMain

Sections

.MPRESS1
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE