bd525046bb8b7951909c058c421dd064_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd525046bb8b7951909c058c421dd064_JaffaCakes118
Size

83KB
MD5

bd525046bb8b7951909c058c421dd064
SHA1

8ab7d608472062cafd03801d30dc641e01f562a0
SHA256

e35192f854501e90b119c7ad5b395d7ae0fcc90ace64eea4065e1f3f421b9396
SHA512

1f0d5601e1c648a783bdbb2113352292d94f474b1b87f1c9bbca4a6a1f816a57f2f74086d2cb87a1e9c0fb5c75a66a87e1b1cb2b333d5ed4f780417f699f5f89
SSDEEP

1536:/7MYloVC9UD1T7tWR+3egFKObpcHLjnJo8XW+QmOXYr3IpKYadh2Pxcaxq1v:A44C9GY+3egFKOCrjJjRXFJdh2P6x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd525046bb8b7951909c058c421dd064_JaffaCakes118

Files

bd525046bb8b7951909c058c421dd064_JaffaCakes118
.dll windows:4 windows x86 arch:x86

946a5c3d9d1f8e65a51d73020a599993

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_vsnprintf

wsock32

connect

gdi32

DeleteObject

user32

UnhookWindowsHookEx

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 15KB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE