074f78c28d5264fde2b82aa01509204c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

074f78c28d5264fde2b82aa01509204c_JaffaCakes118
Size

20KB
MD5

074f78c28d5264fde2b82aa01509204c
SHA1

9710f4f191a69a61c525f9a91cce50c8221a16ea
SHA256

420c77c44ae1d2778f5d8b2d8d70127ecd83806fc22c465877e835a67ecd93d2
SHA512

72524a82e8bcc13edf290bdef13dabee5abc3d2ad81b74fe416a44cfcba396a392a061e8a3c40e40c4e92d2cfe17353c9e1a116192914882e269b03188893cb3
SSDEEP

384:AamRJ3+cIIKBPaO7zhiYG3co7Iq4cUR0YTqR7khACP2D:qWzIKBHzhiVcpcRYuR4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
074f78c28d5264fde2b82aa01509204c_JaffaCakes118

Files

074f78c28d5264fde2b82aa01509204c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

8a05fdb99f4366abd5a51986f054eb2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

SHGetValueA

rasapi32

RasEnumDevicesA

iphlpapi

GetAdaptersInfo

user32

GetThreadDesktop

advapi32

CreateProcessAsUserA

Exports

Exports

EvtShutdown
EvtStartup
inst
run
tes

Sections

.text
Size: 10KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE