9f0bbbb2bebc5da9eed15b03ee9614b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9f0bbbb2bebc5da9eed15b03ee9614b2_JaffaCakes118
Size

31KB
MD5

9f0bbbb2bebc5da9eed15b03ee9614b2
SHA1

a7f366e3f73236a2daec4dbeeb5a0aa89371b659
SHA256

ab501125abbf9f40374af63f8c78ea352309b64da8a95dbc75fb76720d93e8a6
SHA512

41b3ef549fd95fde676ab93634c813f9333f8b652b5e4336ab16d9e3028e169b1892abe5e098fec2fe6300e3150f2443b9cf5775d70ed70840fb5389d39a3495
SSDEEP

768:ggBPRFV6k81yuyeODONSCm6lxThxks23/hZl7Dn:ggBJFV6HceXsCS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f0bbbb2bebc5da9eed15b03ee9614b2_JaffaCakes118

Files

9f0bbbb2bebc5da9eed15b03ee9614b2_JaffaCakes118
.dll windows:6 windows x86 arch:x86

c4303873fc079bee6c96a86d1bcb5335

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetProcAddress

msvcrt

free

ntdll

RtlUnwind

user32

LoadStringW

advapi32

CopySid

oleaut32

SysFreeString

ole32

CoTaskMemFree

shlwapi

ord219

gdi32

PatBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.MPRESS1
Size: 26KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE