0d5923fc071fe497d4f00216688ad99d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0d5923fc071fe497d4f00216688ad99d_JaffaCakes118
Size

71KB
MD5

0d5923fc071fe497d4f00216688ad99d
SHA1

9b850f7a5062bf1f10accd87696580375ea2a3b7
SHA256

dd1a4bcafed4f38357c735bc020e97e36305b8ee4148fd4647f268133b2c90a2
SHA512

5fb1c206242d2c1a3c05fa96174a4d71a2831c2a76210ab359de10cc663ae41ac0aff57d8b621009b404605199da9d90e3d017610eddaf90247a331d1947efbe
SSDEEP

1536:XeGhUZS1tXzP7gNtRQpOkNHBpAMdv7cYXSnPqOJS+gOL0Glgwj:uYU+DMtR6OChJGyOJSlUgw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d5923fc071fe497d4f00216688ad99d_JaffaCakes118

Files

0d5923fc071fe497d4f00216688ad99d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

184d5e017a9373dd0dd64c61e3fc48a8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

memset

gdi32

CreateDCA

user32

wsprintfA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE