2b809bd46694b2b58c2b78163d105433_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b809bd46694b2b58c2b78163d105433_JaffaCakes118
Size

48KB
MD5

2b809bd46694b2b58c2b78163d105433
SHA1

93f209e2594ed36be3d2ad66d1b3b9c1f5c97b01
SHA256

9fc63c30a5cf0218fef2b40fd380a9496d9b94d47a017842409857dc4304fa41
SHA512

9b285d54c1c436a5561874b2091c70d4e278cbee91feffdddff8efd770c79b8673a36c5eb2a696f65fcab51de2e815840829b2157c532ffe53501c615d515e44
SSDEEP

768:hSKVhYa3bmNCiPJINqsIBDt21F7F7nSsyk/hy7EXb/RuaQv7XgnJ:hSLa3SnPJIwssJ21VFZMIDR9pJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b809bd46694b2b58c2b78163d105433_JaffaCakes118

Files

2b809bd46694b2b58c2b78163d105433_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9fe8ad4136c704ba730ca7849fb2c993

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ald.pdb

Imports

kernel32

Beep
HeapReAlloc
HeapDestroy
OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
LoadLibraryA

rpcrt4

RpcStringBindingParseW
RpcBindingVectorFree
RpcBindingToStringBindingW
RpcEpUnregister
RpcEpRegisterW
RpcServerListen
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcImpersonateClient
UuidCreate
UuidToStringW
RpcMgmtStopServerListening
RpcAsyncAbortCall

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ