3f72ec7aa0ee5089df821c9d1f396538_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3f72ec7aa0ee5089df821c9d1f396538_JaffaCakes118
Size

74KB
MD5

3f72ec7aa0ee5089df821c9d1f396538
SHA1

86486ce438e80d9fc20696a7015c005363edba3a
SHA256

441d3264686a74b1b524692376384e191b1cc5f0b0ab1cec742cdb77ce79ebfc
SHA512

26deae82846c3a33c8d2b566487847c9df0385dc76d948fba13d70a78e7bf023aaf0ec42e9cdfd6ef5c1ae9636d5b31549e81844d60195329c53d2d8e6cd65ec
SSDEEP

1536:3svIM3tv9aS1Y2xj2Ciwe6OVzlADTPX7uPkb3y1n+fGrT9mTtz2:3sv13tv9a6Vawe6AzlOTPqsbC1n+fUk0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f72ec7aa0ee5089df821c9d1f396538_JaffaCakes118

Files

3f72ec7aa0ee5089df821c9d1f396538_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e8106a3478d7d9b9d2ff872cba939d15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_vsnprintf

gdi32

DeleteObject

user32

wsprintfA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 14KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE