bd6b21e30576af131aba8acc0cb566d3_JaffaCakes118 | Triage

Sharing

General

Target

bd6b21e30576af131aba8acc0cb566d3_JaffaCakes118
Size

64KB
MD5

bd6b21e30576af131aba8acc0cb566d3
SHA1

33cb1a8307d078c6f36a8b0160cc1e09fb6788e5
SHA256

f1c50b437308f36b67da510e65098be4573ce69f8fee19a07779157da1e9d80a
SHA512

2eac275245f1bfa1c6d959851bdfdb9b7a6340d6c729e74b726b5b0af6a63cd1a28d9c2a2e36ef89fcaed6d8838aa3d8d390264566edbe7d5166d921f8e9b997
SSDEEP

1536:KAWj/suBN+XX7/YJM6a5FSRoxx+qi3vAg/rXBOO:KbjkuB0XX7Aud5Fgoxsqi3vAYOO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd6b21e30576af131aba8acc0cb566d3_JaffaCakes118

Files

bd6b21e30576af131aba8acc0cb566d3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e8106a3478d7d9b9d2ff872cba939d15

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_vsnprintf

gdi32

DeleteObject

user32

wsprintfA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 14KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE