1678be0cc4bb451b7bb2d47121bbe221_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1678be0cc4bb451b7bb2d47121bbe221_JaffaCakes118
Size

128KB
MD5

1678be0cc4bb451b7bb2d47121bbe221
SHA1

ac8db6f5e71ef8356058623e7913c2f1570a6b21
SHA256

ad55cc75630d540d4eee906ab93c8a6c78a16139f8797bddb8ac56048459423d
SHA512

501f57baa4d254ae735cd4f49338a9a17b76b11e13a07b71039545d788c8023f5a87dc66259411b6a2e50bebaed5ce2b5dea58f1bb394c3e3a7f0fad0a1eeea0
SSDEEP

3072:q22lPPXby+F2YOQ3vWRWXcQHPxBwhnIiYYGW0KMMiU1m9:AP/FtVWgzHPnuYYGW0KNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1678be0cc4bb451b7bb2d47121bbe221_JaffaCakes118

Files

1678be0cc4bb451b7bb2d47121bbe221_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ccfbf68d3dbbf873122532bdd9d17cc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

VariantCopyInd
VariantClear
SysFreeString
SysAllocStringLen
LoadTypeLib

advapi32

CloseServiceHandle
CreateServiceA
DeleteService
InitializeSecurityDescriptor
OpenServiceA
QueryServiceStatus
SetSecurityDescriptorDacl
AdjustTokenPrivileges

ole32

CoCreateGuid
CLSIDFromProgID
CoRegisterClassObject
CoTaskMemAlloc
CreateDataAdviseHolder
OleGetClipboard
OleSetClipboard
ProgIDFromCLSID
RegisterDragDrop
WriteClassStm
CoGetClassObject

kernel32

lstrcatA
UnmapViewOfFile
SetEndOfFile
LeaveCriticalSection
GetStartupInfoA
FlushFileBuffers

Exports

Exports

Gsx
Hid
Nvf
Pcw
Shi
Sws
Viz
Wqw
Ydo
Ylv

Sections

.text
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ