29980831359683090c537a63b7e0c714_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

29980831359683090c537a63b7e0c714_JaffaCakes118
Size

106KB
MD5

29980831359683090c537a63b7e0c714
SHA1

c835e3fe390b8a5250853741e297bdbdd6fea8a4
SHA256

981f1d0bde9c2785ae1634d791b27b9774bfc887650f4ccd9a5710c44f6ba542
SHA512

eea255465e5d4ed33e371bdf72f1adfc8164e31e5f6fef3ceb00fd29479bf3817c2810cffd7bd7673b02b09fcc283b2bb1baa4c9eb2abda472548a2397c878b2
SSDEEP

1536:J9zwUdZ28t9bZ1tBz2knEzftzN69yVm5pKIRGRJew0NeipTA9DblnsRRJ1hybdad:J9OYNnvuzXZxIRGvewIeeC41h8d3W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29980831359683090c537a63b7e0c714_JaffaCakes118

Files

29980831359683090c537a63b7e0c714_JaffaCakes118
.dll windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

?StartInject@@YAIPAUHWND__@@0@Z
?StopInject@@YAIPAUHWND__@@@Z

Sections

.text
Size: 100KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE