258b0842c7116e0003906906be6c682b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

258b0842c7116e0003906906be6c682b_JaffaCakes118
Size

58KB
MD5

258b0842c7116e0003906906be6c682b
SHA1

cc27a41e744d4727a82d74014737271112a824ce
SHA256

0db42f1ac7a3cfd96fc19410c9c62b00323a9880521a00319358239d28f2c817
SHA512

94262ecb22b9b791c09060b8f714120185eac04b709a1b73350ed1caa88a5a0bf96da0df9aca01afb1bb413b7beb6995a9a86c24a037b02b2249e915701ed686
SSDEEP

1536:/ruJjCOQNogsAqkArJt7JTe+ZMnzVmRMRuYeY2RPx:/SP1Dj3JTehmRMeY2Vx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
258b0842c7116e0003906906be6c682b_JaffaCakes118

Files

258b0842c7116e0003906906be6c682b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

bae29f832944ad87f3385ee7100a0e48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_vsnprintf

gdi32

GetDeviceCaps

user32

wsprintfA

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 13KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE