12df4669d18aa2651b3f3bdbb3e121d0_JaffaCakes118 | Triage

Sharing

General

Target

12df4669d18aa2651b3f3bdbb3e121d0_JaffaCakes118
Size

551KB
MD5

12df4669d18aa2651b3f3bdbb3e121d0
SHA1

9397f7a45cb86bd4472207b1fd14c413aad2a86c
SHA256

15a944f3da2ecfcbef030b6e53db556fd9f8d6a582b0ba11e1292d7c650be7dd
SHA512

b40f8aa33e5d0285bfa709a0f03c685f42e106d004d63985d820b7af6b567266655d050ba51e3444643aebd9ccfae5be34c52286063454fb4f257dc5b09b4259
SSDEEP

12288:U+iEUJDJQFm++7qd4h9HKvkTgXuquveY+W2o8oT3ezMrl9cekcHhXh9HJUiWUXsD:hi2i7a4HKvkTgXuquveY+W2o8oT3ezMO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
12df4669d18aa2651b3f3bdbb3e121d0_JaffaCakes118

Files

12df4669d18aa2651b3f3bdbb3e121d0_JaffaCakes118
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ