47a079d36fef88415419f28d375eb3b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

47a079d36fef88415419f28d375eb3b1_JaffaCakes118
Size

208KB
MD5

47a079d36fef88415419f28d375eb3b1
SHA1

b996c649cbac367ad1ae3071cdf409eeb19c3c28
SHA256

45f040ead751adc5d627f88238ea80d2b7d152b85d98ae7f012e6dd43e41f62e
SHA512

339feb656690312424aa45897bce66b24d45fc91ba855f4779fe8298a40bac876c0eb2d713b23c982db321654b3a25dc7be9fcad4b732feef6a40b4fadd589fc
SSDEEP

6144:TywglUM2qV+sB3DEG3pVGM48fDaUy+5pePr5j6uO:GwhClBzEwXGM487tkNj6uO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47a079d36fef88415419f28d375eb3b1_JaffaCakes118

Files

47a079d36fef88415419f28d375eb3b1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3a83b4a2f39a68c25476f9c9ed699205

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

gethostbyname

ole32

CoTaskMemRealloc

wininet

InternetOpenA

urlmon

URLDownloadToFileA

user32

GetForegroundWindow

gdi32

DeleteObject

advapi32

RegOpenKeyA

oleaut32

SysAllocString

Exports

Exports

Always
CallByControl
FKingSoft
GetPlayerVersion
Stop
playAds

Sections

.text
Size: 198KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE