30f1690610be23f7d81dfbb67bd3d055_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

30f1690610be23f7d81dfbb67bd3d055_JaffaCakes118
Size

152KB
MD5

30f1690610be23f7d81dfbb67bd3d055
SHA1

ac8b78f5f617d4031e970295c727a23e12da1d99
SHA256

cececf6c7110d7e78c0766b9e67bc35db0b373fc9e37f9eb7632d9cbee23a443
SHA512

52d7f938532779b0892606532953bd85a8bb223a1d381834680dfede5a2cfe82a419053ca6706740877f5d37259a4795b784a789100edd672711f1e7979f9196
SSDEEP

3072:vRXMvg0YSk9qU0iD5lSokguTogulWIzuK/ReK3t9O0Sk+N0LA:FEgPSkEziTdQWjSkhM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f1690610be23f7d81dfbb67bd3d055_JaffaCakes118

Files

30f1690610be23f7d81dfbb67bd3d055_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bd66a30531b4efaa6bf62d4ce6d555ee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

macrieiium.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
TerminateProcess
lstrlenA
HeapDestroy
GetCurrentProcess
GetLastError
GetCurrentThreadId
MultiByteToWideChar
DisableThreadLibraryCalls
UnhandledExceptionFilter
LocalFree
LeaveCriticalSection

ole32

CoCreateInstance
CoTaskMemFree
StringFromCLSID

advapi32

RegCloseKey
IsValidAcl

msvcrt

wcschr
fwprintf
malloc
free
wcsrchr
fclose
wcslen

Exports

Exports

dntyap

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ