Static task
static1
Behavioral task
behavioral1
Sample
f9c762d88279a5a83433bb3d07e6abe5_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
f9c762d88279a5a83433bb3d07e6abe5_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target
f9c762d88279a5a83433bb3d07e6abe5_JaffaCakes118
Size
308KB
MD5
f9c762d88279a5a83433bb3d07e6abe5
SHA1
1ed1ab81a79c3cffcd55788b2705b073bee06aef
SHA256
f1e357f7de403492f253fa74931891c1d0d3ef9a64c8318365f0fe84d73c74f0
SHA512
beecd344b95a6f2f834f036fd3b21ca9198bd1a366ebb88918579bb3949829785fa72f84a865579607b1fc3caac6bee71784c5ab3b21a9eed32be4b0a368d925
SSDEEP
6144:A4yMTX1hxX07clB2xmthoodX8KBQ/5YiEArmP2DL+oDx7T24YOmp/cM4eHuK8T:D32g2o518KBQxYiD6PsRD01OEUK8T
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f9c762d88279a5a83433bb3d07e6abe5_JaffaCakes118
Files
f9c762d88279a5a83433bb3d07e6abe5_JaffaCakes118.dll windows:4 windows x86 arch:x86
d0801690c506af4acdea5b312433f4c2
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
VirtualProtect
VirtualAlloc
VirtualFree
GetProcAddress
LoadLibraryA
user32
GetDesktopWindow
GetDC
gdi32
LineTo
Sections
.text Size: 235KB - Virtual size: 428KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 21KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ