3f5227aa988885a60527424f26da65a3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f5227aa988885a60527424f26da65a3_JaffaCakes118
Size

75KB
MD5

3f5227aa988885a60527424f26da65a3
SHA1

6b75f80616b67a4d329d2360cf68680ec3798dd3
SHA256

fabecbc3272633f8eb7b57794d9a22b3849680d8f88ec803a674cce6471695be
SHA512

bcae0375eb784b27cc28f6d2f64931564bc62fcfb67791124d6d501a7c52b582ca17ba87a1acef4a86407bfb53cc5b2534e02db77d7061cc22baa876c113c37c
SSDEEP

1536:vvbRiV0uSAO2ltjPFXA7kJq2fqBSJiOxp2AmtWGfWlVJmKzh9VdgpYlTa8IPAb:3qSAdZ46q3BOxp2AOWP197gpYl2a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f5227aa988885a60527424f26da65a3_JaffaCakes118

Files

3f5227aa988885a60527424f26da65a3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7484d55e4c6d3e3283d21bc9846ca468

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

??2@YAPAXI@Z

gdi32

CreateDCA

user32

wsprintfA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE