377dcbf732f848a71c5eec5fb41de7d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

377dcbf732f848a71c5eec5fb41de7d9_JaffaCakes118
Size

219KB
MD5

377dcbf732f848a71c5eec5fb41de7d9
SHA1

7fff8bd66b73d23244d41986304e56feb3fb85e6
SHA256

7cddd0d6d5480460b8991cb3dfb12b31df5525400a808c4a72725c310818d254
SHA512

6751ae444e6c0399ec6a17e51c381b4eae6f0c8645a367f734be115bd49557625e0792ca59050acfbac0aa85ba3ebefca99c595ba358150ec748f41b262f1707
SSDEEP

3072:fC3q3fqqx6N+RYorGvy6ZMu5A9zd3RCDN4vCFV0sc/m67CAxwe7c6k6DRWR1Z+kv:O6R0q66pBRvCFV8V7CHe4FblnYBYsKP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
377dcbf732f848a71c5eec5fb41de7d9_JaffaCakes118

Files

377dcbf732f848a71c5eec5fb41de7d9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

354aed026eeaf9b59abc4eff038fa72f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

WSACleanup

ole32

CoTaskMemFree

wininet

InternetReadFile

urlmon

URLDownloadToFileA

user32

GetForegroundWindow

gdi32

DeleteObject

advapi32

RegQueryValueExA

shell32

SHGetFolderPathA

oleaut32

SysAllocString

Exports

Exports

Always
CallByControl
FukFunc
GetPlayerVersion
Run
Start
Stop
playAda

Sections

.text
Size: 209KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE