49c15939e33322c03513e8e048377e19_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

49c15939e33322c03513e8e048377e19_JaffaCakes118
Size

39KB
MD5

49c15939e33322c03513e8e048377e19
SHA1

0330a1fb7851200d7f84aab61ccc87cc2bbebfee
SHA256

8e6d7e834ccc657a97929c35c8e7c91a5a3064505b75103a7be93d1b11b357c2
SHA512

62dfacf281d3515f671ea687d1bd9b10c840800bbb0ccf3dd74604e0b7ee7270b201633bdf258dad4d86ae3bef35f75458960b9cafe8b0a1a5f212cebf696a56
SSDEEP

768:I9Uo0KdSsjrKSWuGdviE+Z4CPlh6aKRpsf2IHVzcLOk4IRc7D:Vo0MzGuv42hwgOIxcLV4I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49c15939e33322c03513e8e048377e19_JaffaCakes118

Files

49c15939e33322c03513e8e048377e19_JaffaCakes118
.dll windows:5 windows x86 arch:x86

ca0a8d66788c966f93385d2f5962d241

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

wsprintfA

advapi32

RegCloseKey

shlwapi

StrStrIA

wininet

InternetOpenA

Exports

Exports

DllMain
DuAbortDownload
DuBeginDownload
DuDoDetection
DuInitializeA
DuInitializeW
DuUninitialize
SetEstimatedDownloadSpeed

Sections

.MPRESS1
Size: 35KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE