01980f0cd541e134cca1266cd5456744_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01980f0cd541e134cca1266cd5456744_JaffaCakes118
Size

92KB
MD5

01980f0cd541e134cca1266cd5456744
SHA1

5ddfc8a64dae0e930b25c8acbe6c3db085add828
SHA256

77489c35c62411c6603813f1b7e16ac4e8f1e625aefd258538669f2bf7e475d7
SHA512

2fc2519f4567f57ef97f2de11dfeaac801746cc39a11097578de5e0e5b32ba544dfeaa7184b0deeee7908bc6c11bffefb22f38c1f6ab3e653a2ae18f228e6a4b
SSDEEP

1536:AvqzPibgIkf8/V7vd6uNLyhfizOCkPomlQCYjM9q5PxTofwYMoOySccAo:AvG5hf4d694zONQj6sP9ofw2kcxo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01980f0cd541e134cca1266cd5456744_JaffaCakes118

Files

01980f0cd541e134cca1266cd5456744_JaffaCakes118
.dll windows:4 windows x86 arch:x86

76617e1a081d29216f976c00e1630357

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gubed.pdb

Imports

user32

MessageBoxA
wsprintfA
CharNextA
LoadStringA
CharPrevA
MessageBoxExA

advapi32

GetSidLengthRequired
FreeSid
GetSecurityDescriptorDacl
RegEnumValueA
SetFileSecurityA
SetSecurityDescriptorDacl
GetSidSubAuthority
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegOpenKeyExA
RegCloseKey
InitializeSid
RegQueryValueExA
AllocateAndInitializeSid

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

zmbmybt

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ