30b4d99b8217a0664c1fff57a115b05f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30b4d99b8217a0664c1fff57a115b05f_JaffaCakes118
Size

180KB
MD5

30b4d99b8217a0664c1fff57a115b05f
SHA1

204106801bd0d707f710318f8ebd1717dca09418
SHA256

76c76cc56e9995e437a5b638fada60e6d8a801eb04c602ae743d6a1a349df4ee
SHA512

324f0dee294da2cd4320dda40903a3539912edc96e829bb40398730b77ed52ed06abb933408d80e0a1c99691dfbdcf7a4d95b903f9ed618d0acac00889a7a102
SSDEEP

3072:v9k+xRua0l+T2k6sSe5a7GanTwMnujSUlbW5azt:fIHahGhTPnSSUl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30b4d99b8217a0664c1fff57a115b05f_JaffaCakes118

Files

30b4d99b8217a0664c1fff57a115b05f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e4b5a2f236629e2af8d539606437c045

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Devices\A.pdb

Imports

kernel32

ExitThread
SetCurrentDirectoryA
HeapReAlloc
VirtualAlloc
HeapAlloc
VirtualFree
LCMapStringW
GetLastError
WideCharToMultiByte
LCMapStringA
MultiByteToWideChar
Sleep
HeapFree
VirtualQuery
InterlockedExchange
VirtualProtect
GetSystemInfo
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
DisableThreadLibraryCalls
LocalAlloc
LocalFree

user32

CharUpperBuffA

rpcrt4

I_RpcMapWin32Status
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingFree
I_RpcExceptionFilter

Exports

Exports

AnyIdentified
OfDeviceNotOfNeed

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 622B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ