ef471ede9eb52c4d67d881df9f0181ef_JaffaCakes118 | Triage

Sharing

General

Target

ef471ede9eb52c4d67d881df9f0181ef_JaffaCakes118
Size

21KB
MD5

ef471ede9eb52c4d67d881df9f0181ef
SHA1

1c130ff1933e55b68fd3c03b231f86011864e52a
SHA256

43ff5c4e3a65f4d4e574f7d180687cfaf66deaaa0d523d2d93ebb05617b75c89
SHA512

fbedbd9f35f5d8f3c4cd7eed31e4ef42c0e781ffa3d3af340e0d5dab2bdd321e9a89a793706dd64208934cab9437ffa6f6a2cffb77aec6973c5f4aa5f61118cf
SSDEEP

384:v/DKQUduxbVi4GiJAhVOUViogh1B5bi0nVOGHAnDiYZlNhk+N14KM/lONQ:v/e8mhVZViogh1BRi8xaDjlk+N14KCh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef471ede9eb52c4d67d881df9f0181ef_JaffaCakes118

Files

ef471ede9eb52c4d67d881df9f0181ef_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a918de9dafa42bc50fa46f37eef0a954

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_onexit

gdi32

GetDeviceCaps

msvcp60

??0_Lockit@std@@QAE@XZ

user32

wsprintfA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 17KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE