ad1486cb79901179c486fad26099afbb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ad1486cb79901179c486fad26099afbb_JaffaCakes118
Size

21KB
MD5

ad1486cb79901179c486fad26099afbb
SHA1

3650d211767643aabe05dcb98706086ebab50fee
SHA256

a5f5b0fcf6fe036d36969d5c6c5c7d1c28339759a34b7285b5e84a0ee08a124e
SHA512

04778690c2fc189894eee5f210e580d75b50eb08abe72172fa2a5407b78b0463a37a6924f092861ea84be25a9ed8fc5769ea94c9ff9bd63e77b2dce99890501d
SSDEEP

384:o1hp7DtH5f4GJF1qomMe6zwtJ5+cajDduMZPxFytLoUb4iYz7vvxlLnWSMOW:a1HF4GQomoCJ5+c9KpxUb4i27DY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad1486cb79901179c486fad26099afbb_JaffaCakes118

Files

ad1486cb79901179c486fad26099afbb_JaffaCakes118
.dll windows:5 windows x86 arch:x86

737a52dbffbdb2e176a6eec8aee8ad5e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

ntdll

wcscat

rtm

RtmIsRoute

adptif

FwStop

advapi32

RegCloseKey

rtutils

TracePrintfA

Exports

Exports

StartRouter

Sections

.MPRESS1
Size: 16KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE