2977a1dee6e3edeaa9a076a2aefb3f06_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2977a1dee6e3edeaa9a076a2aefb3f06_JaffaCakes118
Size

122KB
MD5

2977a1dee6e3edeaa9a076a2aefb3f06
SHA1

c21531282cfe36bd74832e5253f6da23a723151d
SHA256

c99121777414fce151ab65136bb012eeaffb69c14221e84136a9795f5e66897c
SHA512

452903e099e768cf68e78aa496aadc476e3ebc29c169a928fd766775fabcd0187cba7d0a981c9a44f9892bc7d2e068955fe93167cbdc39f74f316101775f2396
SSDEEP

3072:4Du/kmq9VK+ib90qkxK0d/oEeo1tciAD3q0:rA9VK+ihPkt/ogPlW60

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2977a1dee6e3edeaa9a076a2aefb3f06_JaffaCakes118

Files

2977a1dee6e3edeaa9a076a2aefb3f06_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab997975087722516438586ccbf05798

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

msvcrt

_itoa

ws2_32

connect

user32

GetWindowTextA

advapi32

RegEnumValueA

shell32

ShellExecuteA

oleaut32

GetErrorInfo

Sections

.PILL
Size: - Virtual size: 268KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PILL
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE