54c360aca5507be0abbda66794dc820c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54c360aca5507be0abbda66794dc820c_JaffaCakes118
Size

15KB
MD5

54c360aca5507be0abbda66794dc820c
SHA1

01335dfd7539ce836d3dd1bad586997d29eca358
SHA256

da25bc11690261204d65ad6eef71e54197f50d1cf90b6e068216926e7d5b30b4
SHA512

3de5750b939ed5374b59f3b84b622eee4e5f23418771ea0243868c817b742143b3faa0968500bea02937cc2ff9b970c8487120b1397f6b5fd3dd58796c81bd5d
SSDEEP

192:kz8qqx6dxVd/5TPsW9DMWqMUNO5TFkTKH7nP6s+GeAy8i5d6luRNo7IqyYpAY5AR:itrqWKMcWTiKl+xdRC7I2AY5A8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54c360aca5507be0abbda66794dc820c_JaffaCakes118

Files

54c360aca5507be0abbda66794dc820c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9846297b712212dcd11a3abafab63b9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shlwapi

SHDeleteKeyA

rasapi32

RasEnumDevicesA

iphlpapi

GetAdaptersInfo

user32

SetThreadDesktop

advapi32

OpenProcessToken

Exports

Exports

EvtShutdown
EvtStartup
StartMain
inst
run

Sections

.text
Size: 9KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE