2fef0c38e1a122fc10a5b49eae673462_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fef0c38e1a122fc10a5b49eae673462_JaffaCakes118
Size

406KB
MD5

2fef0c38e1a122fc10a5b49eae673462
SHA1

9801fc06635426d623bf929fe082762564928321
SHA256

ef314001a1bd3efbf47b67ec17a9dce761631602f72823c136e1309f26962b8e
SHA512

982dd39e9e261d1d0b855f2f8e121a2bcb9830f3b95cc8ae1097f648b6e4380f61098e7c429f23ae05352da7bee3504358edba1a20d810d5e3a45e04050cffb6
SSDEEP

12288:9PV04S9fJq63F/b/q/4ZNjcXns8Csugn:5fSpJqaTi48s8B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fef0c38e1a122fc10a5b49eae673462_JaffaCakes118

Files

2fef0c38e1a122fc10a5b49eae673462_JaffaCakes118
.dll windows:4 windows x86 arch:x86

037f6c10f86d6cb1f4af96fccc0d3c36

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

kernel32

GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId

ole32

CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeEx

msvcrt

wcscpy
wcscat
wcslen
wcstoul

samlib

SamAddMemberToAlias

netshell

NcFreeNetconProperties

ntdll

NtAllocateVirtualMemory

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ