06503090dca4927f39791ea6697f9c83_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06503090dca4927f39791ea6697f9c83_JaffaCakes118
Size

62KB
MD5

06503090dca4927f39791ea6697f9c83
SHA1

6503960174065bd95998cdecb2bcb75e6a4a095a
SHA256

c235b53f5ba02f8dfd9b9fb8c7002fb21aa93944a433309e62cea14ab8949019
SHA512

e3497f16c4aed8d7f55cab18e19f120c926b7226471a3fefcdbd0627df564f12ac7e4a81abd08fa52e68d061ac29c09784b4b599072f2b3be5adcaa3bb78acf8
SSDEEP

1536:/hsOftj0Wg5PCrTXHEtttqp55n+XRsBjJfV6IiADuxI3:/hsORO1CrDktt4p5QRsBlLexI3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06503090dca4927f39791ea6697f9c83_JaffaCakes118

Files

06503090dca4927f39791ea6697f9c83_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2a4d1dab99d7285beff89b00d5f2c553

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetCursorPos

winmm

waveOutClose

msvcr100

_unlock

msvcp100

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ

d3dx9_41

D3DXCreateFontA

Sections

_TEXT
Size: 59KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE