0cf37a9968d1fb638102dba309c16cb6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cf37a9968d1fb638102dba309c16cb6_JaffaCakes118
Size

289KB
MD5

0cf37a9968d1fb638102dba309c16cb6
SHA1

e742efe2aa9f5fbfa3ddc60d653fffc7204fac45
SHA256

fbeca55422072cee6243ed0d3ad6efe606ef1f9005da3956dd77708736c0116a
SHA512

889e9b8063495031f5200ef0a7cecec7fa7104f8df9edd174f29ecd007ed6e704529211ec8adeb6c96af8035f5f9ff27b15ad15a5d164aa2689ccd1ebc4e809a
SSDEEP

6144:YPc5bFVsX+6JNeYKYxUaT7jDTXuO5vQvo6uqZpfwynbK2jrllKKNP:Kc6X/eYKUjvXuQtkO+z/llJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cf37a9968d1fb638102dba309c16cb6_JaffaCakes118

Files

0cf37a9968d1fb638102dba309c16cb6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

97e9ed6b4e701a30e74dea0a3c3b3898

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen

advapi32

AdjustTokenPrivileges
InitializeSecurityDescriptor
OpenProcessToken
OpenServiceA
QueryServiceStatus
SetSecurityDescriptorDacl
StartServiceA
ControlService

ole32

WriteClassStg
StringFromGUID2
WriteFmtUserTypeStg
ReleaseStgMedium
RegisterDragDrop
OleUninitialize
CoResumeClassObjects
CoRegisterMessageFilter
CoInitialize
WriteClassStm
CoCreateGuid
OleSaveToStream

kernel32

lstrcpyA
WriteFile
UnmapViewOfFile
TlsSetValue
SetEndOfFile
LeaveCriticalSection
GetStartupInfoA
GetCommandLineA
ExitProcess
EnumResourceTypesA
CompareStringA
CloseHandle
SleepEx

Exports

Exports

Coi
Gnk
Hbo
Pil
Rxb
Rxm
Tpv
Tqa
Xix

Sections

.text
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ