02c2b9b56050cd5d3e78418a7f76e201_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

02c2b9b56050cd5d3e78418a7f76e201_JaffaCakes118
Size

126KB
MD5

02c2b9b56050cd5d3e78418a7f76e201
SHA1

00843cf979eceb13ec62d8792783aab81970b978
SHA256

308b7eac25099acb235bdc9a028320a79a77c365915940d0a8fc29751d9e64d8
SHA512

ff3df8c8a897459292105675accb0439fed33294bbb32fc73a914eb5c826c35113e6d15ae1acc53a7a639135bde6cf1e50051f4e3d37b043c2cc743e3ba37478
SSDEEP

3072:4NPHNr7xetAs5luFVhpbEbb6dX0au8MYqXglcyGbG:4NPHNxehqLbE/S1kgldG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02c2b9b56050cd5d3e78418a7f76e201_JaffaCakes118

Files

02c2b9b56050cd5d3e78418a7f76e201_JaffaCakes118
.exe windows:4 windows x86 arch:x86

79b535e9628297cf69d568383b279f8e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

advapi32

RegCloseKey

shell32

Shell_NotifyIconW

shlwapi

PathFileExistsW

gdi32

BitBlt

ws2_32

htons

imm32

ImmDisableIME

Sections

.MPRESS1
Size: 102KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE