61db705ee08821d039cd7d8e8bd66201_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61db705ee08821d039cd7d8e8bd66201_JaffaCakes118
Size

82KB
MD5

61db705ee08821d039cd7d8e8bd66201
SHA1

e96b9a5858b35118a3225b26be38a11e6c0e8628
SHA256

07c0be12f26f960b8e605f42b6f97f5567da9f36abce656b1f5f035853babf54
SHA512

d0443d240d6fb1b2ed6c95a44a70b69eb802fa6e3435937578a81ff3813942fcecee6d2a5b7b15dde42b2af471b29979bfa15905116057d5a83aa1dd72df6533
SSDEEP

1536:Zwoq+LsVXPYtVFqEe50m/FZm4Yh1y/bfUq2x3ZPueQewOjcg:ON+oVXwtV92Ng4Yh10bfULPueQeRv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61db705ee08821d039cd7d8e8bd66201_JaffaCakes118

Files

61db705ee08821d039cd7d8e8bd66201_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3f6372546361ed1ca3457e353ab257a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_stricmp

user32

GetWindow

gdi32

DeleteDC

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE