2d9573974fcd5d5522fe46b9afafa79a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d9573974fcd5d5522fe46b9afafa79a_JaffaCakes118
Size

91KB
MD5

2d9573974fcd5d5522fe46b9afafa79a
SHA1

3208a633a3ce91d30615c4b77c224556379b9b5b
SHA256

69a8218316add408f43475a49ce63ff74f516ccc05feef1eb24216ae6a06d330
SHA512

7b116b1b88fcdeea582850e7d23cd5aa993edd4366c93b73b2c22140bc712b523b5ff1645e8b819e72d5763daf2f6e0541c4a2cdf3b7cc17c1126e8e146e53a0
SSDEEP

1536:/M8giR8xjGoUhfvUgonKLoMzuGu4wnjIbGTUSMBG1slhQfeAoR79IpWJpQI1y:U48phPObuxnaGTUSE7CC7S2pQM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d9573974fcd5d5522fe46b9afafa79a_JaffaCakes118

Files

2d9573974fcd5d5522fe46b9afafa79a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aeb3a6edff4c9fa3989efcef9a3d4d0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

ShowScrollBar

advapi32

RegQueryValueA

Exports

Exports

andcxdh
gvybuttqs

Sections

.text
Size: 82KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE