3ce551a0970ef9770c8e395ed5eacd40_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ce551a0970ef9770c8e395ed5eacd40_JaffaCakes118
Size

49KB
MD5

3ce551a0970ef9770c8e395ed5eacd40
SHA1

21a6e773165e427a34d8d15c6eefb82296c1c657
SHA256

7422c5ee6c8288073c92b63455e7065cbec37301bd91a5d88a074b4ef1741d38
SHA512

4a3c2a94b2d66747a0d109397854411a494d5ece48cd181581c2efd27f3b228eb179bd1dd976816cf014c706c9e71b362edd288468de0de8c922d4ff939cecd3
SSDEEP

768:pR7MXRVnGB25yxPXSgxdDpxctZZnkxtYI5gn4LnCzoWHWxihz/NpYf4gn:pR74RPy1pdDpxct/kxtXKUbizq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ce551a0970ef9770c8e395ed5eacd40_JaffaCakes118

Files

3ce551a0970ef9770c8e395ed5eacd40_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53575fb5747015609d2469cc87e70642

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ald.pdb

Imports

kernel32

HeapReAlloc
HeapDestroy
OpenEventW
FindResourceExW
FindResourceW
SetLastError
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
LoadLibraryA

rpcrt4

RpcStringBindingParseW
RpcBindingVectorFree
RpcBindingToStringBindingW
RpcEpUnregister
RpcEpRegisterW
RpcServerListen
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcImpersonateClient
UuidCreate
UuidToStringW
RpcMgmtStopServerListening
RpcAsyncAbortCall

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ