7abfa619a5851d4b80dc063ac9bc2348_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7abfa619a5851d4b80dc063ac9bc2348_JaffaCakes118
Size

31KB
MD5

7abfa619a5851d4b80dc063ac9bc2348
SHA1

bd6d9cf927eaa8b9dabb1b0211acfa1efe829768
SHA256

9159634603e5323090dadb465b19da5c1ca607893e2aef509ba9b84e3575763f
SHA512

02a33d2313425513be379208805f6897a9e4217d6f0e14ef7e62efe741f53cd5406d477b5bdadf6fa65c4f2a30d7a69258e5a96d94161af2f1c2a1d13c48690a
SSDEEP

768:2C2s7PN1BkWJsR3vMQhTaidycDGhSKO7Di:2Cjl1BKUYZycDG3T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7abfa619a5851d4b80dc063ac9bc2348_JaffaCakes118

Files

7abfa619a5851d4b80dc063ac9bc2348_JaffaCakes118
.dll windows:5 windows x86 arch:x86

180b1866ae3fb2acb8585f79d15460fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

ntdll

wcscat

rtm

RtmIsRoute

adptif

FwIsStarted

advapi32

RegCloseKey

rtutils

TracePrintfA

Exports

Exports

DllMain
RegisterProtocol
ServiceMain

Sections

.MPRESS1
Size: 26KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE