63a99c1c89d82cbb23933b0a0942a85c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63a99c1c89d82cbb23933b0a0942a85c_JaffaCakes118
Size

56KB
MD5

63a99c1c89d82cbb23933b0a0942a85c
SHA1

10420fc5b92a52407cc4309df5c358ebd9a59dd8
SHA256

ad63e4d30b1d7f7a9fc8800aac1aefc4edf58a36ad0af2a077fb39654076e116
SHA512

76d93adf1bddc7c39214d1b99668fb5f0e2859e77003895ff5ccee7e0ead9623d3a0feb613c65ca4014524a8a0ab7f558ce0f073b06daf1b6d644a6a817c5204
SSDEEP

1536:s+ItUAg0Y+WiABVQohIpNhqCdP84iODD7a8CTb:wiAm+WiABeohIpNnva8CTb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63a99c1c89d82cbb23933b0a0942a85c_JaffaCakes118

Files

63a99c1c89d82cbb23933b0a0942a85c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b6f38aaa35f5a853035e3d5b330eec2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
_snprintf
_memicmp
memcpy
strrchr
memset

kernel32

LocalFree
DisableThreadLibraryCalls
InterlockedIncrement
GetLastError
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
VirtualAlloc
lstrcpyA
MultiByteToWideChar
LocalAlloc
LoadLibraryA
VirtualFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllPreTranslateMessage

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ