f4d2742138d06b1077965b3bbe7a6436_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4d2742138d06b1077965b3bbe7a6436_JaffaCakes118
Size

59KB
MD5

f4d2742138d06b1077965b3bbe7a6436
SHA1

29d0e310043f004994b41eece0f6c160345a9d10
SHA256

223f2048cc572333fe4c21e3930268d554e3453b2b857d1a96f4ec5c99a80d5b
SHA512

498893359fcfe00ad319898a9ced719708868e33c45c8ec23153714437a9fa023308623d30c1b2ce6b6b5378fc284db59c5004639fa0ac1206bab555095a2116
SSDEEP

1536:5SwlKC19SnIhSmCgtf3R11LaI99XDDTzFXqLmimgzWN:lAMP3X1LZpTRXZgzWN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4d2742138d06b1077965b3bbe7a6436_JaffaCakes118

Files

f4d2742138d06b1077965b3bbe7a6436_JaffaCakes118
.dll windows:4 windows x86 arch:x86

946a5c3d9d1f8e65a51d73020a599993

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_vsnprintf

wsock32

connect

gdi32

DeleteObject

user32

UnhookWindowsHookEx

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 16KB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE