055e9b355f00352f20aae7009489b589_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

055e9b355f00352f20aae7009489b589_JaffaCakes118
Size

57KB
MD5

055e9b355f00352f20aae7009489b589
SHA1

d224232fe6b662143b167c66eb9137599e1e8cbd
SHA256

62cff4b6e3a86b9af25d4b540b0e6972867659e50688a35dc47ba4ead26dd2a4
SHA512

c55714de37ffad289bf637bf8e94546c3f1742a3d5fefe6358a7759e712c969923988aaa1c4fa51c2479ebfee564426bed356bc5edc3456c72119a71546b58ca
SSDEEP

1536:tLUmv/PLVqF/WiSq36uSHax8tcDqaDiDiSq36uSHaC:SmPLVqFePqqu4ax8tcDViDPqqu4aC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
055e9b355f00352f20aae7009489b589_JaffaCakes118

Files

055e9b355f00352f20aae7009489b589_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3593cf11a4dda3c135b80a79bd517590

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

wvsprintfA

wininet

InternetCloseHandle

msvcrt

fseek

gdi32

DeleteDC

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE