8259782600e11a0e400af7d54dcbe7df_JaffaCakes118 | Triage

Sharing

General

Target

8259782600e11a0e400af7d54dcbe7df_JaffaCakes118
Size

20KB
MD5

8259782600e11a0e400af7d54dcbe7df
SHA1

e172cb67f241abd46261b693d8ce2c41086c3d31
SHA256

a317ce6a81ea96383558ed4673170b6223591c4b7fff2c904d6af2098708384f
SHA512

8206d1260be37c4892ef4dd620867ea2b22360936fe4cb06544eab31d8c0ab15a0da5b1f5457ae05f0901c6dcc3676bcd4b7ee6760016f486368188aa7d0caf9
SSDEEP

384:6AMLdW6ThQUzuK3hZbFMJ+ieQizpL95yamxndPtCdUWwjK6gkaKdG:Kdje/K3hkJ+JFJspZdPt03EK6raKdG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8259782600e11a0e400af7d54dcbe7df_JaffaCakes118

Files

8259782600e11a0e400af7d54dcbe7df_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c64bcdd189c9e965c2f2d1182999a4ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wininet

HttpQueryInfoA

ws2_32

inet_ntoa

shlwapi

SHDeleteKeyA

psapi

EnumProcesses

mfc42

ord4424

msvcrt

??1type_info@@UAE@XZ

user32

CharUpperA

advapi32

LookupPrivilegeValueA

Exports

Exports

SensNotifyNetconEvent
SensNotifyRasEvent
SensNotifyWinlogonEvent
ServiceMain

Sections

.text
Size: 13KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE