2b126fbd0352c9ec2f7833af3d0df7ca_JaffaCakes118 | Triage

Sharing

General

Target

2b126fbd0352c9ec2f7833af3d0df7ca_JaffaCakes118
Size

99KB
MD5

2b126fbd0352c9ec2f7833af3d0df7ca
SHA1

3bf9cee470ad6cf126635570d89d9d9f30cef386
SHA256

3546db46d605f744a285fe60fcbacc6b686aa6fae4c32890b030924471e0e59f
SHA512

0dfb908197503bf9c1c9deeb015504d1b51d4c00857b34c3862f6c7fd9a4423acb0a068f1b63e2d6757b4c89f2d993e7913767c24d32763afd5e3c1ec43bdcc7
SSDEEP

1536:6Ti28Kx4Cm792SAYqEVvsQS5QqmHN4SMwOVth8+T96R9UB4xw7585yWvNtQ:6TJaCmgSAEsNdm26OV0uofUBCw7O5N/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2b126fbd0352c9ec2f7833af3d0df7ca_JaffaCakes118

Files

2b126fbd0352c9ec2f7833af3d0df7ca_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bf0066cffb4c3a363178fda9e753a7f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
MapViewOfFile
GetVersionExA
GetEnvironmentVariableA
GetModuleHandleW
InitializeCriticalSection
CreateFileMappingW
OpenFileMappingW
GetProcAddress
CreateEventW
GetFileSize
CreateJobObjectW
CreateMutexA
LoadLibraryExA
LoadLibraryA
lstrcat
ReadFile
GetOEMCP
CopyFileExW
CreateFileW
GetExitCodeThread
DeleteFileW
WriteConsoleA
SetErrorMode
GetLogicalDriveStringsA
CreateSemaphoreA
GetDateFormatW
GetCommandLineA
CompareStringA
GetLocalTime

cmutil

CmMalloc
CmFree

user32

LoadCursorW
IsDialogMessageA
PostMessageA
LoadMenuA
LoadIconA
PeekMessageW
GetPropW
LoadBitmapA
DialogBoxParamW
InsertMenuW
FindWindowA
CharToOemW
DispatchMessageW
IsCharLowerA
GetDlgItemTextA
wsprintfW

Sections

text1
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zdata
Size: 1024B - Virtual size: 698B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ