36abc044140ab57b8d4524603c4928d6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36abc044140ab57b8d4524603c4928d6_JaffaCakes118
Size

25KB
MD5

36abc044140ab57b8d4524603c4928d6
SHA1

87c77a126a93a758f7ab45221daa1fcaa8030f06
SHA256

72c7eaac217b7f016ce3b089153eae141fc7ad08af11647b9ce36fdffa360d0d
SHA512

a24091241702bf863939ee83e675c3aaf15f121af08d39e52885dcff2fb59dce493238ba15b3bfbbe2bc92b8a37a31cb1e1e984e930f9a62c625f2ee50ec9a80
SSDEEP

384:CW2qYkdMs2Vf7vqhzubSAdC/0PsmBPtTLE3hUK80E0M0:CW2qFIVfozKS2s03hlsX80PM0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36abc044140ab57b8d4524603c4928d6_JaffaCakes118

Files

36abc044140ab57b8d4524603c4928d6_JaffaCakes118
.dll windows:4 windows x86 arch:x86

be932b432e7d6ed20b3cd43bb36872a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

SHGetValueA

rasapi32

RasEnumDevicesA

iphlpapi

GetAdaptersInfo

user32

CloseDesktop

advapi32

CreateProcessAsUserA

Sections

.text
Size: 14KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE