860cc8065a2f627caa15a1e961a26b89_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

860cc8065a2f627caa15a1e961a26b89_JaffaCakes118
Size

24KB
MD5

860cc8065a2f627caa15a1e961a26b89
SHA1

8c6843d3e0667ed6f298bb42f3c7205426fef90c
SHA256

1cc179fd4ff83e097b9aa0e9f42d244e6346d6f9592d50af8979c220bd0d6308
SHA512

991e9785f2f88a5f1da66be3f29bb069dc8d9d2e417185da1448a42c319d10e9c68296e776b9b5cb554949e3f91eb1af79b15b58e8a76df54cd397ef515a88ca
SSDEEP

384:7/taYHka2HvSpdLuDAqgqihMB3tbhEShYQh0VNl1IJHBROgCw42myaQ25zWPx:7QYEa2HvaducqbihM3aS2Q+Nl14LA2ub

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
860cc8065a2f627caa15a1e961a26b89_JaffaCakes118

Files

860cc8065a2f627caa15a1e961a26b89_JaffaCakes118
.dll windows:4 windows x86 arch:x86

be932b432e7d6ed20b3cd43bb36872a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

SHGetValueA

rasapi32

RasEnumDevicesA

iphlpapi

GetAdaptersInfo

user32

CloseDesktop

advapi32

CreateProcessAsUserA

Exports

Exports

EvtShutdown
EvtStartup
inst
run
tes

Sections

.text
Size: 13KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE