2549e719c89582a5bd8f966fd67f305c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2549e719c89582a5bd8f966fd67f305c_JaffaCakes118
Size

287KB
MD5

2549e719c89582a5bd8f966fd67f305c
SHA1

d727cabf82f88eff82dbec5a4a012e3c42c6ed9e
SHA256

0d682818ccddb7e625846fcf878472df8102fb99699b4a47a373ce4a586689b5
SHA512

9d89ee22e8bff99ad53b99af204d1cf943df0261a529f2c1d2dede92f839f580a5b986f4424cf3367a247054adf75838c05cd5993e0f13c675a81f18c6a5880e
SSDEEP

6144:LjbMqlZBrz+wl/d2t3+n0zoYAT8licjCHO1R:Ljp7BryXt3lzrAT8lPCHOj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2549e719c89582a5bd8f966fd67f305c_JaffaCakes118

Files

2549e719c89582a5bd8f966fd67f305c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

84496d85a7e7b34bc265631ad99e259c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

shell32

ShellExecuteA
Shell_NotifyIconA

rpcrt4

UuidCreate

kernel32

GlobalFindAtomW
LocalAlloc
FoldStringW
IsDebuggerPresent
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetModuleHandleW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
EnumResourceLanguagesA
InterlockedExchange
GetLocaleInfoW
GetProcessHeap
SetUnhandledExceptionFilter
GetPrivateProfileIntW
QueryPerformanceCounter
InterlockedCompareExchange
GetCurrentThreadId
GetStartupInfoA
GetTickCount
VirtualProtect
DeleteFileW

shlwapi

GetAcceptLanguagesA
PathAppendW
UrlCreateFromPathW
StrCmpIW
PathRemoveFileSpecW
PathIsRelativeW
PathFindExtensionW
UrlUnescapeW
PathCreateFromUrlW
PathCombineW

Sections

.text
Size: 152KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ