Static task: static1
Behavioral task: behavioral1
Sample: 2932d4750e8cf32e2297c9807e6b1948_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2932d4750e8cf32e2297c9807e6b1948_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 2932d4750e8cf32e2297c9807e6b1948_JaffaCakes118
Size: 135KB
MD5: 2932d4750e8cf32e2297c9807e6b1948
SHA1: a624c0c877ff1f0c2f5ec956ca81ad4a2b34b02d
SHA256: 1adf36eea5146a22fed522e3063171535ec4a28963a2f650aff5e5334b5b6af2
SHA512: d8ad10a58aa7963e492b452041ba288b3435df75c501958355f64c02e8a751d93322340f131d55ba3cc27b63c755a682d1a1b8545456f8e58ac48c9f4997e059
SSDEEP: 1536:dCpwxIl2aPMD5AIxXA4/A92ohvYoHJe4YJ/FASD0y5D9YhuukvZoodmi+W1EoMJ6:AwxIYVALKcVhHwVQNunhUogCngqFB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2932d4750e8cf32e2297c9807e6b1948_JaffaCakes118
Files
2932d4750e8cf32e2297c9807e6b1948_JaffaCakes118.exe windows:4 windows x86 arch:x86
55d27af52a7d9b0687d2eaa4f8a25ca4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CopyFileA
ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
GetTempFileNameA
InterlockedIncrement
IsDebuggerPresent
LoadLibraryA
TlsGetValue
VirtualAlloc
VirtualFree
user32
IsWindow
PostQuitMessage
SetWindowTextA
gdi32
GetDIBColorTable
GetDIBits
GetObjectA
GetTextExtentPointA
GetTextMetricsA
PlayEnhMetaFile
shell32
ExtractAssociatedIconW
ExtractIconA
SHBrowseForFolderA
SHGetDiskFreeSpaceExW
ShellExecuteExA
Sections
.text Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 885B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 22KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ