f760a54011079d41adba277f404b1304_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f760a54011079d41adba277f404b1304_JaffaCakes118
Size

26KB
MD5

f760a54011079d41adba277f404b1304
SHA1

33d927238c9a1d9bca8acdcb7959fdab4a3dfe5f
SHA256

42b9b4d59881cfa491e2b0c713b1b261e023642a75e56c4ede9e67f68d9a9fbf
SHA512

0c2cfdbd1e947ed0e5e0306bb3f4a782d215ed9813922183ad7f11f46f722d391591f81756e963a771bed63432efad5efe91f58283999658ebd83d30fd437634
SSDEEP

768:2ZXLaHdxY+0R0G58igjQEM5tZtr70Xd9N0knw:2BaH/l0R0u8Khtr7w96knw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f760a54011079d41adba277f404b1304_JaffaCakes118

Files

f760a54011079d41adba277f404b1304_JaffaCakes118
.dll windows:4 windows x86 arch:x86

be932b432e7d6ed20b3cd43bb36872a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

SHGetValueA

rasapi32

RasEnumDevicesA

iphlpapi

GetAdaptersInfo

user32

CloseDesktop

advapi32

CreateProcessAsUserA

Sections

.text
Size: 14KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE