649c534ef7897872f9d2e8abb126145c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

649c534ef7897872f9d2e8abb126145c_JaffaCakes118
Size

68KB
MD5

649c534ef7897872f9d2e8abb126145c
SHA1

b82a808739cebf56ffe0f48293257f1b9abd7fd8
SHA256

2168239de8bb70ff4b136dd071428551396004305c46dc35d9d9fb0fa9cc6830
SHA512

e10d49fd88b01233e0934c770a8ea9bf93aa43a585ed9e64c039363f389c5aceb9e6604b8e51a34f16de1d0dda6e35f13646c7648a571f1add7fc47a6b2ac321
SSDEEP

1536:iFzN559FOPCSMtuFYP6Zeok3+x50Ha2ICn1q/M0a:gzPQCSMtuxZeoib62IA1F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
649c534ef7897872f9d2e8abb126145c_JaffaCakes118

Files

649c534ef7897872f9d2e8abb126145c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ed07c85613693a6fc23dd15c1255325a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_strcmpi

iphlpapi

GetAdaptersInfo

gdi32

BitBlt

user32

GetWindowRect

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE