daa363f39bf0d138b588b16e5de63715_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

daa363f39bf0d138b588b16e5de63715_JaffaCakes118
Size

79KB
MD5

daa363f39bf0d138b588b16e5de63715
SHA1

dc51e6a8948e7f6499f43fe94d633a4ba265b7c0
SHA256

bd9c8e70ffe163e82b7bf1c1de7e5bfc8a3cac0c9a1d1bf7d0d896c13dd15421
SHA512

cf43c5d5872bf38f784f5344c464aabded3c5d3d733f5f12a9df51dda75453bd3259ffe63551a6df7aa9d7471d0aeb29e615667c655c96b5caead6fe28984586
SSDEEP

1536:Zwoq+LsVXPWNRemiETCW9TLRWKnkttFmDnZVK4kE1d3kTp7j9JjzEmV:ON+oVXeNR/9k/FqnZVK4k/TJ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
daa363f39bf0d138b588b16e5de63715_JaffaCakes118

Files

daa363f39bf0d138b588b16e5de63715_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3f6372546361ed1ca3457e353ab257a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_stricmp

user32

GetWindow

gdi32

DeleteDC

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE