2a91cab09908cca8337b6f3c946879e3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a91cab09908cca8337b6f3c946879e3_JaffaCakes118
Size

124KB
MD5

2a91cab09908cca8337b6f3c946879e3
SHA1

c65ae788d21adcc54f0b83674202aad930eb5c63
SHA256

ddc138a1e7c74e110d78c84ffda2b0e688fb2083b40a6bda2cdd0449d6f3633b
SHA512

791a935fa4fa183555b63d568b6fe10efe22a1ba64de0c638f63761932fa406cf967b0ecb89d1253178f7a3d7a3c2b0175cc64a90b93fb9f3d63ac5b1aa326c4
SSDEEP

1536:N5lkva1/xacOhTbgx6XdteoS5j7raPXc+9geKPfb+EPpUdDZNX:SWYcO50gtqZGPX/9/KPfyEPpUdDzX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a91cab09908cca8337b6f3c946879e3_JaffaCakes118

Files

2a91cab09908cca8337b6f3c946879e3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

670a93ee02cf87adbc5e0d3dbea58e1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDoubleClickTime
TranslateMDISysAccel
InflateRect
SendMessageCallbackW
IsWindowVisible
GetClipboardData
ChangeMenuW

ole32

HWND_UserMarshal

shlwapi

SHStrDupW
StrCmpLogicalW

urlmon

CreateAsyncBindCtx

advapi32

RegSetValueA
EncryptionDisable
GetNumberOfEventLogRecords
LogonUserExW

gdi32

SetMapMode
CreatePen
SetWindowOrgEx

setupapi

SetupQueryInfVersionInformationW
SetupSetFileQueueFlags

winspool.drv

EnumPrinterDataExW

kernel32

ChangeTimerQueueTimer
LocalLock
OpenProcess
CloseHandle
GetFileSize
IsNLSDefinedString
lstrcmpW
GetSystemDefaultLocaleName
GetThreadPriority
GetSystemTimeAsFileTime
GetDiskFreeSpaceExA
SetConsoleScreenBufferSize
GetNumaAvailableMemoryNode
DeleteTimerQueueEx

crypt32

CertSaveStore

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ