a642b7050f772e946d495421bdd80464_JaffaCakes118 | Triage

Sharing

General

Target

a642b7050f772e946d495421bdd80464_JaffaCakes118
Size

63KB
MD5

a642b7050f772e946d495421bdd80464
SHA1

825c232ddd9d03f5f6b4ed7e65a0e22ae1de6250
SHA256

1b8bdb0c127590996fb567bf8c90deafe2fc8b4de83de1f0e6bf61d44753f285
SHA512

261d2ee8ea9da31c7ea54a98684812abc92832a0621b9a5a56789493721762cfe6a3c93ea8445e0c054cb8fa21f1c16d6881cfbf125f4d34d8c802184563c8ac
SSDEEP

1536:T7MYloVC9UD1Tr3Mn+zoqHbkyg7S6egmfPG2CYGq/DNQ:U44C9GX3Mn6og54PmfPGnfgQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a642b7050f772e946d495421bdd80464_JaffaCakes118

Files

a642b7050f772e946d495421bdd80464_JaffaCakes118
.dll windows:4 windows x86 arch:x86

946a5c3d9d1f8e65a51d73020a599993

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_vsnprintf

wsock32

connect

gdi32

DeleteObject

user32

UnhookWindowsHookEx

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 15KB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE