202bf5b49324ee220cd79da3fa619937_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

202bf5b49324ee220cd79da3fa619937_JaffaCakes118
Size

52KB
MD5

202bf5b49324ee220cd79da3fa619937
SHA1

9ad0c9dcff7ac3138fdca3468b2e7f3cd508c421
SHA256

112dcc067a1ee215e441230d582f4629bb4a91414fcf152cfb8236244e710d6b
SHA512

44c45370b9d016c3068a9af6f0b6b49cbac519fdcb5abe4f10672e3e460891f213c0475591610814c6c7a214c27584eee05e5595cf7b1428899cf5c7082601fc
SSDEEP

1536:BO++c42PUK618K24usv/lY8N7VnOVnlocga:BOnyC1s4dljh8loR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
202bf5b49324ee220cd79da3fa619937_JaffaCakes118

Files

202bf5b49324ee220cd79da3fa619937_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b3ff97ab8af0214e0798f3e63202a4f6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

wsprintfA

advapi32

RegCloseKey

ole32

CoTaskMemAlloc

Exports

Exports

winampGetInModule2

Sections

.MPRESS1
Size: 48KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE