30480f27e17bf6f6631c41ed210d7f47_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30480f27e17bf6f6631c41ed210d7f47_JaffaCakes118
Size

189KB
MD5

30480f27e17bf6f6631c41ed210d7f47
SHA1

35a0193de93251ddc28ec5464a925d77ce15576b
SHA256

e2a784c89f110ebfcacf271a20706f181e58248b60d57b3cbccd3c7395495ea6
SHA512

28c0bcb05ed5fe0a8cf5d32829bdab80b9b7c0f62972d130a9fc0f032456aaf5da243bdd9aa7c7d3f469e6e7c0777bec18a30689f079e7502f5eaeaaed775d6d
SSDEEP

3072:aulNXmFiuQCPhUIrvrngRdciW7ACyn6Zdvd5e6KG4BCxL6+sf3axlXL9Vptr:aMXmFiRquI/s6kFnqFds6KG4BCxL6+sM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30480f27e17bf6f6631c41ed210d7f47_JaffaCakes118

Files

30480f27e17bf6f6631c41ed210d7f47_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fcff8951c56da86031171aa508f9b4d7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ExitProcess
ExitThread
FlushFileBuffers
GetACP
GetCommandLineA
GetEnvironmentStringsA
GetEnvironmentStringsW
GetModuleHandleA
GetOEMCP
GetStartupInfoA
GetSystemInfo
HeapAlloc
HeapCreate
HeapReAlloc
MultiByteToWideChar
RtlUnwind
SetFilePointer
SetLastError
SetUnhandledExceptionFilter
TlsAlloc
lstrcmpA
lstrlenA

user32

FindWindowExA
GetKeyState
InvalidateRect

winmm

timeEndPeriod
joyGetDevCapsW

ole32

CreateAntiMoniker
CoTaskMemAlloc
CoCreateInstance

advapi32

IsTokenRestricted
StartServiceCtrlDispatcherA
SetServiceStatus
ReadEventLogW
LsaRemovePrivilegesFromAccount
InitiateSystemShutdownExA
CryptGenKey
CryptVerifySignatureA
GetSidSubAuthorityCount

shlwapi

StrTrimA
StrToIntA
PathStripPathA
PathRenameExtensionA

Exports

Exports

D3D9UnregisterVertexBuffer
UnregisterFatBinary
WaitForDisc

Sections

.text
Size: 125KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ