44b0bcfc54ed495d3e5a8379815c9066_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44b0bcfc54ed495d3e5a8379815c9066_JaffaCakes118
Size

20KB
MD5

44b0bcfc54ed495d3e5a8379815c9066
SHA1

7c3ca56e45836fcee5778d9c3824f6355a8f38cf
SHA256

d284c313c79e5b2c30a6ba41f92158969a4e06e29f646b834ae568e31607434f
SHA512

db34a5aee2134df7980f9048b86dd015c64c25127e0e065262d58387183bc0001d3a470e0872c87b27256860b826fc675e5ce52ec803529d84acf11e94417dcf
SSDEEP

384:yElMhIQ3XrZe29/IRLM9Ytaz1xnnuhzu+Y4vfqsV0pL9gGaUkAomCH:ydGQnlr16taz3+Y59gGaUPG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44b0bcfc54ed495d3e5a8379815c9066_JaffaCakes118

Files

44b0bcfc54ed495d3e5a8379815c9066_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ec8810d15cd7950d40b1dbe1c33d4753

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

wsock32

htons

gdi32

DeleteDC

msvcrt

strchr

user32

GetWindowThreadProcessId

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 15KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE