308ea0006b4d71bdf2ad2b1c872d1549_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

308ea0006b4d71bdf2ad2b1c872d1549_JaffaCakes118
Size

16KB
MD5

308ea0006b4d71bdf2ad2b1c872d1549
SHA1

ffde2d5c06bee4f819d3283cbf10f659ae3133e5
SHA256

f344d92ffee8a1e1b227883e1634b44e275ee2307429908720716ebe2c879718
SHA512

2a7524d64ac22a9d1a0933d9a06ff072bff8016149fdea9ca374495c95bd5ae0b96b0a7205c6206d9cf068290e43e3732b189d5cdd38321a70adb2369b442d03
SSDEEP

192:rmw7UqIiHH+sVfrVW+txfEOelPjM6gx/y6T5OZTppEHCrAsiqWAeVS+b5x5X+im:r3UIVWWhjelPjPZTppPrAsiqqFx5Xrm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
308ea0006b4d71bdf2ad2b1c872d1549_JaffaCakes118

Files

308ea0006b4d71bdf2ad2b1c872d1549_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a07703b48ce374709e685dca2c4e3edf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

RegisterClassA
RegisterWindowMessageW
UnregisterClassA
CharNextW
DefWindowProcA
GetWindowLongW
LoadStringA
CharLowerW
SetWindowLongW
IsWindow
SetWindowPos
DestroyWindow
PostMessageA
CreateWindowExA

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetLengthSid
CopySid
GetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
GetTokenInformation
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenThreadToken
OpenProcessToken
RegOpenKeyExW

ole32

OleRun
CoSetProxyBlanket
CLSIDFromProgID
IIDFromString
CoInitialize
CLSIDFromString
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

comctl32

ImageList_Merge
ImageList_LoadImageA
ImageList_Write
ImageList_GetImageInfo

Exports

Exports

PEFDuTruL

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 421KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ