de471449c0b8ac68e168ccecdc4b2d90_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de471449c0b8ac68e168ccecdc4b2d90_JaffaCakes118
Size

11KB
MD5

de471449c0b8ac68e168ccecdc4b2d90
SHA1

437f6755a9666bf2c5f34bbcbc58cc47d5cfdb7e
SHA256

4196dc8c3ab4744d76a0f40e43213903bfe0373fe29d55c5ef48443af349ca9a
SHA512

e6e89a56fc845869e165ae2c79c73c5c94428ed291acb9a549ca79ba71b947ea03aab16bac5b567fa61e56bab0f596c72c3667c7db882ebe772255bebdc3d78b
SSDEEP

192:JMbeIU1JIc65Fc5eGyOjiXQRiJtD6UV2RBPwo04s+jsQqhmTD:2U1JI/454pvjSSo1bcw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de471449c0b8ac68e168ccecdc4b2d90_JaffaCakes118

Files

de471449c0b8ac68e168ccecdc4b2d90_JaffaCakes118
.dll windows:6 windows x86 arch:x86

d31a1361712857c118d7eef1b83e7c7b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rtm

MgmTakeInterfaceOwnership
RtmBlockDeleteRoutes
RtmCloseEnumerationHandle
RtmDequeueRouteChangeMessage
RtmGetNetworkCount
MgmGetNextMfe

oleaut32

VarR8FromUI1
VarR8FromI2
VarBstrFromUI2
VarDecFromBool
VarBoolFromR4
VarCyMul
SafeArrayGetElemsize

mapi32

ord46
ord129
ord197
ord33
ord22
ord72
ord45

rtutils

LogEventA
TraceDeregisterExA
RouterLogRegisterA
TraceVprintfExA

msacm32

acmGetVersion
acmStreamOpen
acmFilterDetailsA
acmFormatTagDetailsW
acmFormatTagEnumA

winspool.drv

StartDocDlgA
AddPrinterDriverExA
SetPortA
EnumPrintersA
EnumFormsW
DeletePrintProcessorA

Exports

Exports

Gxkeoxkzs

Sections

.text
Size: 512B - Virtual size: 358B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ