f6a78454e77ed7c67a675b5ea304ed51_JaffaCakes118 | Triage

Sharing

General

Target

f6a78454e77ed7c67a675b5ea304ed51_JaffaCakes118
Size

207KB
MD5

f6a78454e77ed7c67a675b5ea304ed51
SHA1

8dba0519a8b89b671705016010d4ef09a9446d57
SHA256

1d6dd3b2416eb626c3316e9e29b2f206159c1deb68aacee2ed5dce637820ae4d
SHA512

f3ab0dc2cd583b186cfae4ea0d57aead1821d1924ce10681e426a4f4ee20a51282f2a5563b2c2f0cf82bdd6c11a6bba9823a026e9a82d4d95ea2e982b2eab37e
SSDEEP

3072:nRQGQ9b/hVR2S/Cx2PrVJJ1yCIinh7YCcU2Ji8+Yi0PD5kgjLigY+xh7+Qrf6Fhu:nDQp/qxM7R7nhMxUmoSjLBYWiNFw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6a78454e77ed7c67a675b5ea304ed51_JaffaCakes118

Files

f6a78454e77ed7c67a675b5ea304ed51_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a5435c5c90e00547a474e437c0ab9260

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

gethostbyname

ole32

CoTaskMemRealloc

wininet

InternetOpenA

urlmon

URLDownloadToFileA

user32

GetForegroundWindow

gdi32

RestoreDC

advapi32

RegOpenKeyA

oleaut32

SysAllocString

Exports

Exports

Always
CallByControl
GetPlayerVersion
Stop
playAds

Sections

.text
Size: 197KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE