045167745cbd3e967d1166db909bad23_JaffaCakes118 | Triage

Sharing

General

Target

045167745cbd3e967d1166db909bad23_JaffaCakes118
Size

213KB
MD5

045167745cbd3e967d1166db909bad23
SHA1

9a31a83c689e165da8c1e8f58e3d0dfbaf665b4d
SHA256

c50f8c637eb3b9f442f9bb69a71f4b951ce49b61379001455500074675d2a417
SHA512

7c158d1efecb8b0c7b67066f0ae128bbaa2adc560787224a3e7cb293a9f58a14516e2c551a1aa64ea5bd45e35ec11dfa64660c33c4739a63b70bed4118397c33
SSDEEP

6144:TTzJbd3sQ36hYc42ZCtuJPYny37HO/kClRwv5k50ZR:fzJRcujc4mCIZD37HW3lRW5rR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
045167745cbd3e967d1166db909bad23_JaffaCakes118

Files

045167745cbd3e967d1166db909bad23_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b17c90682dca37b09a012106abdc81c9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

ws2_32

WSACleanup

ole32

CoTaskMemFree

wininet

InternetCrackUrlA

urlmon

URLDownloadToFileA

user32

GetForegroundWindow

gdi32

DeleteObject

advapi32

RegCreateKeyExA

shell32

SHGetFolderPathA

oleaut32

SysAllocString

Exports

Exports

Always
CallByControl
GetPlayerVersion
Stop
playAd

Sections

.text
Size: 202KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE