f08727e6b68baf5588c7cfdc7e695172_JaffaCakes118 | Triage

Sharing

General

Target

f08727e6b68baf5588c7cfdc7e695172_JaffaCakes118
Size

57KB
MD5

f08727e6b68baf5588c7cfdc7e695172
SHA1

64876768ee890eafb0c0a2bfb6c48a666ba1a577
SHA256

9c72cc4b195455900ebcb4fda27a161b1e2c10d6cd2c2212a9bc01c0d4b5249e
SHA512

20115fed52ef4a7916abfbafff0e893d1b9a562870847bc4ee66280fbf2c9d45ad89b136b109e03a7d72fe5130473cbe503e243858f91af2d10c2e4fd998484b
SSDEEP

1536:vvbRiV0uSAO2lt2euXyCA/b0qpIoNwkSl1pDid5QRYD:3qSA8eSyxj0cokatidqR4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f08727e6b68baf5588c7cfdc7e695172_JaffaCakes118

Files

f08727e6b68baf5588c7cfdc7e695172_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7484d55e4c6d3e3283d21bc9846ca468

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

??2@YAPAXI@Z

gdi32

CreateDCA

user32

wsprintfA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE