Static task: static1
Behavioral task: behavioral1
Sample: d037cc75fabd0d22ef3d5c61bc1b5030_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: d037cc75fabd0d22ef3d5c61bc1b5030_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: d037cc75fabd0d22ef3d5c61bc1b5030_JaffaCakes118
Size: 307KB
MD5: d037cc75fabd0d22ef3d5c61bc1b5030
SHA1: f9d3f0cd471739ff911acd82c08770c977d17acd
SHA256: 1dfd65907966a299ac630441ab64aac7f72caabbaacab291f09703490a56bb49
SHA512: 258c280b642f5524c1a2c13969fcc82d07989cbd6c244b2d5dde57b90cfed790473644701651e535a48fee5f4a4d7dedc59e0af5e82565fe3992ca2109118e38
SSDEEP: 6144:41UicMjesdbF8kYaOtahMEx6+ZHTj0z8EmO7KcPvT8qUr0KxXwbiQGJtiPjT:XivjesxF8naZ6+Zzj0zFmAKQ78qUwWQN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d037cc75fabd0d22ef3d5c61bc1b5030_JaffaCakes118
Files
d037cc75fabd0d22ef3d5c61bc1b5030_JaffaCakes118.dll windows:4 windows x86 arch:x86
88b2be634d94e89de38cd5a5cff6cede
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetProcAddress
LoadLibraryA
ExitProcess
VirtualAlloc
VirtualProtect
VirtualFree
gdi32
LineTo
Sections
.text Size: 231KB - Virtual size: 420KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.aspack Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ