2a68d874e53309b8d11790fc1d012eda_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a68d874e53309b8d11790fc1d012eda_JaffaCakes118
Size

1.9MB
MD5

2a68d874e53309b8d11790fc1d012eda
SHA1

504b258bfead74b4164557181d265f05d760e6be
SHA256

411650694933ed3e58fb4e710614b4e4b1b26c3e19ec37e9489b4d48fb7daceb
SHA512

6c36d56a7ebb1329144b07cfef4a9c1ddc7849dd438f66ab0838c8fa2b9abf5c6289390621ae9ce49820ce9ca94cd2a78f1735cd0e262c72fc6516185cc23b15
SSDEEP

1536:PvSXP0CXXeo+l+705kc9vaKrmHXb+43hiO9GTgMFW02kISWk5FttS3D05sZCUOgM:3QHy+7KNrmH64r8lg7SWuF+CU/KYl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a68d874e53309b8d11790fc1d012eda_JaffaCakes118

Files

2a68d874e53309b8d11790fc1d012eda_JaffaCakes118
.dll windows:4 windows x86 arch:x86

edcbb44c2b1d33936b1addb33073a92b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatW
SetThreadLocale
SetErrorMode
CloseHandle
PrepareTape
OpenEventW
LocalAlloc

ntdll

RtlIpv6AddressToStringExA

user32

SetUserObjectSecurity

advapi32

StartServiceA

gdi32

InvertRgn
IntersectClipRect
GetSystemPaletteUse
GetNearestPaletteIndex
MaskBlt
ExtSelectClipRgn
EqualRgn
EnumFontsA
CreateDiscardableBitmap
ArcTo
GdiSetBatchLimit
Ellipse
Rectangle
GdiTransparentBlt
GdiAlphaBlend
SetSystemPaletteUse
RealizePalette

msimg32

AlphaBlend

shell32

SHSetLocalizedName

netapi32

NetWkstaGetInfo

oleaut32

RevokeActiveObject

Exports

Exports

IchVyovNS6kB
J1ycyeh4TOACFPLlss7
uORZh6nVwpjUC7bfO

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ