559a7cdce3897113348b5e4175ee02c7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

559a7cdce3897113348b5e4175ee02c7_JaffaCakes118
Size

67KB
MD5

559a7cdce3897113348b5e4175ee02c7
SHA1

ee0acbd28d619d60d344197587c9171ae3f3303b
SHA256

ff4baa78beec60ddeaa887796919081de2afd5a7f7f8da8611d2774f37a9e478
SHA512

7ba31332ba1e75162de5e7e0ebaf514cb10e3d9b2e8ff457a1911c8eef45497d22b0ba27b763eb0256c7beb484ad12e30c52a6b377098cd1ae635cd7acb9518f
SSDEEP

1536:vSwlKC19SnIhSmgeqFe4Z9kxPhD1J1oIos6HP:nAMlq7ehD1J1IHP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
559a7cdce3897113348b5e4175ee02c7_JaffaCakes118

Files

559a7cdce3897113348b5e4175ee02c7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

946a5c3d9d1f8e65a51d73020a599993

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

msvcrt

_vsnprintf

wsock32

connect

gdi32

DeleteObject

user32

UnhookWindowsHookEx

Exports

Exports

CancelDll
LoadDll

Sections

.text
Size: 16KB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE