fd28ce5aa285e05c136bbbcb2655a720_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fd28ce5aa285e05c136bbbcb2655a720_JaffaCakes118
Size

128KB
MD5

fd28ce5aa285e05c136bbbcb2655a720
SHA1

5112dc2ce36bb2c1d4eec06a5512fcc98fcbda5d
SHA256

df05bcb866bb6a7d568d47a96707abe829d74d53c3e6545821f1fe2ab3035c39
SHA512

0543ca66d51c6f1df82d4a8378c2f32c8c4f683ada42cedd575d17f07bdbd8de46b715dca6d26b0e76ccd3b90ca0bfee800f5e48f3095ed5d5f4590977157ccd
SSDEEP

3072:PTzu41DsJLj3yc1/TWhHXK6BRtRm3AZQG/2A2skTeH3OL5PFn0wcccccccc:PO4xyTyKTWRrfzmbNUH30PFn0wcccccI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd28ce5aa285e05c136bbbcb2655a720_JaffaCakes118

Files

fd28ce5aa285e05c136bbbcb2655a720_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a3e9f702578a90658236b98431d2410f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
EnumResourceLanguagesA
EnumResourceLanguagesW
ExitProcess
ExitThread
FreeResource
GetACP
GetCommandLineA
GetLocalTime
GetModuleHandleA
GetOEMCP
GetPrivateProfileStringA
GetStartupInfoA
GetSystemTime
GetTimeFormatA
HeapAlloc
ReadFile
RtlUnwind
SetCurrentDirectoryA
SetEndOfFile
SetLastError
SetUnhandledExceptionFilter
TlsFree
VirtualAlloc
VirtualFree
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ntdll

RtlNtStatusToDosError
RtlLeaveCriticalSection
LdrLoadDll
NtCreateSection
RtlEnterCriticalSection
RtlInitString
RtlInitializeCriticalSectionAndSpinCount
RtlInitUnicodeString

rpcrt4

NdrSimpleTypeUnmarshall
NdrAsyncServerCall
RpcServerUseProtseqEpExA

crtdll

wcstok
tolower
puts
asin
_strupr
_strdup
_stat
_mkdir
_ismbclegal
fprintf

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ