2ca88aedc8a5c335ca4de9d5700fa403_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ca88aedc8a5c335ca4de9d5700fa403_JaffaCakes118
Size

106KB
MD5

2ca88aedc8a5c335ca4de9d5700fa403
SHA1

646e58d717ba03b159e1769a3991af0a2c72cc6e
SHA256

7f145e677802e900744b4f4105c3f5c1fcc4e2648fa4be9c69f04e5b1dfc7a47
SHA512

1637b34823d5194e9b303f5dd550d258ad1f9176c3c605cae736c8d92d17bdf19e17d19efcf9054804e01c16ba272f8629abf3176d1f4432918d9181bb2e5bb2
SSDEEP

1536:dWYrS8UW1SRQ8/l7qDGXl6n7cHmDC1gry4MD15RfM0n4FSRRl4EAd57m7zXU8wEO:dNrSnu8IcWry4+GFSrl4vdY7rU/EO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ca88aedc8a5c335ca4de9d5700fa403_JaffaCakes118

Files

2ca88aedc8a5c335ca4de9d5700fa403_JaffaCakes118
.dll windows:5 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Exports

Exports

?StartInject@@YAIPAUHWND__@@0@Z
?StopInject@@YAIPAUHWND__@@@Z

Sections

.text
Size: 100KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE