7872559e4d6fb764fd7485447460f988_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7872559e4d6fb764fd7485447460f988_JaffaCakes118
Size

232KB
MD5

7872559e4d6fb764fd7485447460f988
SHA1

162935abcd5b4f7d3de5d303ad88dcd95bdeb4be
SHA256

b4fe05cf594a80d47a059c7af252d66a8ba2c5ade1c14fad7f30a2c4f9230559
SHA512

55e7801f2a272d2cbf11c41f41e34f64e71e8d906fdc219d3abcada997aae5316bef0c515d93ae4e06136e5c73898804a6609e0997f6af35660927b7f5d5f760
SSDEEP

6144:4xIZ0NcQbSb0k6BSqXXufgp7FeJMruQVqusuc6M7R:4xIZhDD6B3XufpauQYuc6W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7872559e4d6fb764fd7485447460f988_JaffaCakes118

Files

7872559e4d6fb764fd7485447460f988_JaffaCakes118
.dll windows:5 windows x86 arch:x86

d1b0ed5f83f8e212fb4586ca545e3908

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

FillRect

gdi32

GetCurrentObject

msvcp100

?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z

msvcr100

_CxxThrowException

Exports

Exports

FW1CreateFactory
_FW1CreateFactory@8

Sections

.text
Size: 226KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE