73ab98345b564f34dc89cbc0458da757_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

73ab98345b564f34dc89cbc0458da757_JaffaCakes118
Size

212KB
MD5

73ab98345b564f34dc89cbc0458da757
SHA1

566e41055be21d0b56a8001df26edd3eb5fe732a
SHA256

5757662f6103ac28627550102e5fbc776e701c27e51fbdfeaf7959c6bf671c5c
SHA512

b5166e806ee4e8b37528c4da6beadf5e5fb2943080952f2c7b24ea74ae5255b251849e271b562a3fb62bfb82abedcabfd43bc2ace80a5e38367f8de782df70ab
SSDEEP

6144:JzXiZnlDIIkSdFdUQARN+L4GiT5zYICIPJxi+s:JzXu5IIPsNQiTtY4P3q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
73ab98345b564f34dc89cbc0458da757_JaffaCakes118

Files

73ab98345b564f34dc89cbc0458da757_JaffaCakes118
.dll windows:4 windows x86 arch:x86

71abed0184f8719a56d323c5c3e922ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

WSACleanup

ole32

CoTaskMemFree

wininet

InternetReadFile

urlmon

URLDownloadToFileA

user32

GetForegroundWindow

gdi32

CreateRectRgn

advapi32

RegQueryValueExA

shell32

SHGetFolderPathA

oleaut32

SysAllocString

Exports

Exports

Always
DownloadDLL
GetPlayerVersion
KingsStop
KingsUp
_JDIS_DISOSD_S
playAdk

Sections

.text
Size: 201KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE