2f03f8fd15e63aaec4a9275ef450a95a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f03f8fd15e63aaec4a9275ef450a95a_JaffaCakes118
Size

16KB
MD5

2f03f8fd15e63aaec4a9275ef450a95a
SHA1

1ef4f127eefa147393297eb030303c1f7ee8ec8d
SHA256

7d12dcaaac8d64fbf7c8be8d76deff5e21f64b4f83ec48f2a2e0a5e7392b2eff
SHA512

03a9bbed4e58de9a712364b6dd87fd5f040d3185c7df19cc54935bb0c550f230f7fd4586a9ddf47cf483ff60334ee214d744fc65194cb6053c1aa603140ed12a
SSDEEP

384:or9ZM2GIed3J3i4+Adu/+PEAgdQWrBTDNwQyiG21VKYpEWVPymW:mbTGbZSLmPcq+TLo5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f03f8fd15e63aaec4a9275ef450a95a_JaffaCakes118

Files

2f03f8fd15e63aaec4a9275ef450a95a_JaffaCakes118
.exe windows:6 windows x86 arch:x86

2b0a378e505e47d30d4e686dcfa653b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

ntdll

NtClose

api-ms-win-core-localregistry-l1-1-0

RegCloseKey

api-ms-win-core-processthreads-l1-1-0

CreateThread

user32

CharNextW

userenv

ord175

msvcrt

exit

Sections

.MPRESS1
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE