2dab60cb578b939391a660ec413de806_JaffaCakes118 | Triage

Sharing

General

Target

2dab60cb578b939391a660ec413de806_JaffaCakes118
Size

10KB
MD5

2dab60cb578b939391a660ec413de806
SHA1

eb417123ce7756badb27b154620a9ee3d78f55b9
SHA256

6cc53af7fb844b8707b52fbdcd0c4479ffb58cfd51d07f4c0a885033879ae19e
SHA512

768eb205f5975dcf76a63b1cd54e24d5115288b539aa810b435427222a98e6eb79cd16f3f614ef2051d1e059b97a5f8819d4098dde067f20955016779c746fd4
SSDEEP

192:1KSGngM5oLo+uNjqQt4zkbtSpMLrdvIM0HOS:1+54uN/WardvIMb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2dab60cb578b939391a660ec413de806_JaffaCakes118

Files

2dab60cb578b939391a660ec413de806_JaffaCakes118
.dll windows:4 windows x86 arch:x86

20317d699e76f48e05e1c95beaae2b6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
HeapAlloc
HeapFree
HeapReAlloc
lstrcmpA
lstrcpyA
GetProcessHeap
MapViewOfFile
CreateFileMappingA
CloseHandle
UnmapViewOfFile

user32

LoadCursorA
wsprintfA
EnumChildWindows
CallWindowProcA
GetWindowTextA
SetWindowLongA
GetDlgItem
SetCapture
ReleaseCapture
GetDesktopWindow
IsWindow
SetCursor
GetClientRect
SendMessageA

ole32

OleUninitialize
OleInitialize
CoGetClassObject

oleaut32

VariantClear
SysFreeString
DispGetParam
VariantInit

Exports

Exports

LoadDll
UnloadDll
attach
back
caption
capture
cursor
detach
find
forward
handler
home
item
margins
name
navigate
print
ready
refresh
release
search
select
selected
stop
url
version
zoom

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ