047051c08f3bf782c1c0a62822017df2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

047051c08f3bf782c1c0a62822017df2_JaffaCakes118
Size

452KB
MD5

047051c08f3bf782c1c0a62822017df2
SHA1

035863e8df07cf92a29af4137afada195bdcd640
SHA256

c41c70a33372405ca9881ed6545f7f57a0aa3d8829c7e7f1119edf69c88aedcd
SHA512

cee1854edd844f4d8ce821784bce4d3bb786a3ac6828772e96865f11e6e1f381ced88dba9b1f23dc9f787742f80a08658cdd69abd6123d8f792a638c22528605
SSDEEP

12288:ZwkP3xC8JzLSD3LW1IW+zLmm4JY8RikNjM1t8ag8UNhrnCf45:Zwyh/JPS7L42P428RdoFuhrn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
047051c08f3bf782c1c0a62822017df2_JaffaCakes118

Files

047051c08f3bf782c1c0a62822017df2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

97fd8f04cf00c6c4234660f3f08ab3d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

y_base

??0YFile@@QAE@XZ

oocore

?normalize@Vector3@oo@@QAEXXZ

ooobject

?loadFromFile@OObject@oo@@SAPAV12@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAK@Z

oographics

?setPosition@Camera@oo@@QAEXABVVector3@2@@Z

editor

?getClass@EntityActor@@UBEPAVOClass@oo@@XZ

_phyexp2.pyd

?_objVisit@PCamera@@UAEXAAUArgWriteXml@oo@@_N@Z

user32

GetCursorPos

shell32

SHFileOperationA

ole32

CoInitialize

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

_itoa

shlwapi

PathIsDirectoryA

urlmon

URLDownloadToFileA

ws2_32

WSAStartup

Sections

.text
Size: 444KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE