fb29daa6c19f220951a17f0e21ed3659_JaffaCakes118 | Triage

Sharing

General

Target

fb29daa6c19f220951a17f0e21ed3659_JaffaCakes118
Size

57KB
MD5

fb29daa6c19f220951a17f0e21ed3659
SHA1

8ce83cb23b7e9db00a84a2f703f0e30ab541372f
SHA256

e00da21795159de28f701249e3a099f6cc5f5bfb8334e70a324101843fab5315
SHA512

00c2cfad67ab60de4731028942cae17f17cf557e5902a84bea1429eacde5faff53242498d17b87dffbbb470c4491ca4637588300d0aadf26122ecb515f5ade0d
SSDEEP

1536:Zwoq+LsVXP+UnZ+Mtl2zzwShnqNi/JUkYjQ6rHcWTl1NT:ON+oVXd/gzhhPkHXlTT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb29daa6c19f220951a17f0e21ed3659_JaffaCakes118

Files

fb29daa6c19f220951a17f0e21ed3659_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3f6372546361ed1ca3457e353ab257a7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_stricmp

user32

GetWindow

gdi32

DeleteDC

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE