0bd82729db184ab1171c44db828a4040_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bd82729db184ab1171c44db828a4040_JaffaCakes118
Size

433KB
MD5

0bd82729db184ab1171c44db828a4040
SHA1

48a3602e0194162327c989848f08bed32940b186
SHA256

ed96c5bdf120f1fe377eea50cdccecf053e06a68e471251d03310b6acfbce31a
SHA512

0c8bae17d1d14a2fc534ae51b853f84e0609caecd6ac6ff8306f6d3bff394a506715cc827df99ea110e3a55daf149a81cc39d2c44d49c3a9281fdba765ad1a5f
SSDEEP

12288:qijBT1hzTZxm44ityX2zg/2moTurMMnMMMMMRWr5:vBn64uHMMnMMMMMR4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bd82729db184ab1171c44db828a4040_JaffaCakes118

Files

0bd82729db184ab1171c44db828a4040_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2f86fdc6267fa6ac44ec4d11951c4465

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiSetClassInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiCallClassInstaller
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

kernel32

FormatMessageW
GetLastError

ntdll

NtAllocateVirtualMemory
RtlAdjustPrivilege
RtlAddAccessAllowedAceEx
RtlAddAccessAllowedObjectAce

netapi32

NetDfsMove

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 928KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ