041df590d337142c584349b5d7d8d0e7_JaffaCakes118 | Triage

Sharing

General

Target

041df590d337142c584349b5d7d8d0e7_JaffaCakes118
Size

41KB
MD5

041df590d337142c584349b5d7d8d0e7
SHA1

b88d7238d57103ecf02cd6e34e94c7897336df94
SHA256

81f57b6d694f6523d2d961b7faeeea18ba60de6abf626e9d85bfed5eba4c6d0d
SHA512

2889fee16c195be3b008c5e3a51924fe3936a6e8aef3059676bf6fee80480fb8fe8281e3743b068e723477820250201a29b06a28aa32c63c43025d8a33aa0bf2
SSDEEP

768:aOvgwSPD/wbAx2FtBp3IqUfvHGDwrAhJvA6POw/bE5P+z7EXj:aUwDQA6OvfG8czvA6Wx5m7EX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
041df590d337142c584349b5d7d8d0e7_JaffaCakes118

Files

041df590d337142c584349b5d7d8d0e7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

786c270f9bf875c3346c75a1ea619a6b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

InvertRgn
PolyPatBlt
RectVisible
CreateRectRgn

msvcrt

_copysign
__p__tzname
__p__wpgmptr
_mbsnicmp
_dup
_getws
_inp

kernel32

CreateEventW
GetCommConfig
GetCurrentProcessId
GetThreadLocale
LocalAlloc
LocalHandle

Sections

.text
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE