0d6b03dee888a1b7d781715ccf31828d_JaffaCakes118 | Triage

Sharing

General

Target

0d6b03dee888a1b7d781715ccf31828d_JaffaCakes118
Size

70KB
MD5

0d6b03dee888a1b7d781715ccf31828d
SHA1

3e70849096d6110af4f5cbfe71c0a5c4f19b7486
SHA256

861dfcd736fba66d550e1c72db1906c8e6d9e1e4d9326badcf315370964d76d5
SHA512

5fae2f9a9968adb398a3b8765b12abe65866177bbd80dbb2649f01666ba198b9ef7daea2953ebc621d0da299c8e407c84afac2ab05ee9119d12c93261014a1c2
SSDEEP

1536:meGhUZSZFbr124i/0Btr5QZLO+jJvgD4zJ/5:/YUWbw4Iutr1+jJvgD4VR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d6b03dee888a1b7d781715ccf31828d_JaffaCakes118

Files

0d6b03dee888a1b7d781715ccf31828d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

184d5e017a9373dd0dd64c61e3fc48a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

memset

gdi32

CreateDCA

user32

wsprintfA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE