3fdabca3e770d9e9089a40629d215b91_JaffaCakes118 | Triage

Sharing

General

Target

3fdabca3e770d9e9089a40629d215b91_JaffaCakes118
Size

313KB
MD5

3fdabca3e770d9e9089a40629d215b91
SHA1

980b39c1aac020567d047ebff7502ecc3bda7318
SHA256

4b93c0ded1b12e763335652da79ba45c42dd76ff208fbc199216ed9a92703891
SHA512

58db99b0f8d549f839feb0cee5f7c5e4d0213d390bab48962d58f919faa1c835c040d53ca4c75bb0162a9ccde01cca9fe077814e762f8313f0995a57709b3163
SSDEEP

6144:Kf4Np33ku1SRwx9D+DND29GsVND0fZWkYkWcACqhQDG:c4DHktRKoa9/VNo0kFdAlQDG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fdabca3e770d9e9089a40629d215b91_JaffaCakes118

Files

3fdabca3e770d9e9089a40629d215b91_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8d31dd818cfd9a09344088e558d7466a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Override\Necessary\Endorsed\Platform.pdb

Imports

kernel32

FormatMessageW
VirtualAlloc
GetProcessHeap
lstrcmpW
GetVersion
GetConsoleCP
GlobalLock
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalAlloc

user32

IsWindowVisible
ShowWindow
ShowOwnedPopups

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey

Exports

Exports

EndorsedClasses
ItOrPlatformThe
ListProcess
MoreFrom
OfAThe
PlatformMayToIt
ToTheStandaloneStandalone
VersionsProvidesThe

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ