2de0d69b1246882473879eb023d77d87_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2de0d69b1246882473879eb023d77d87_JaffaCakes118
Size

200KB
MD5

2de0d69b1246882473879eb023d77d87
SHA1

eb6e819c3af9b8af6e8e45bdfd7856ca7f2ac183
SHA256

9be7ccd26e37a08333d4c3bbdb42a787d0dc06030a9b057eabccb71665dc38d2
SHA512

4c35ea8a00751a10aa60d7525bec94bd9fcb9f924d24eb52930395475cd1f3a4b43c2ab972687e3e157549d529491f4470a6ebbb20a20d15a32d0d2ad5f7582e
SSDEEP

6144:vMnYshA7lM4Zok91wX1pEQFPTvKv/0vj:4hClM4ZoxX3/PTv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2de0d69b1246882473879eb023d77d87_JaffaCakes118

Files

2de0d69b1246882473879eb023d77d87_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0234980d0b4b009f77590377918e0ee1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

OemKeyScan
SetPropA
EndDialog
EnumDesktopsA
ValidateRect
SetWindowTextA
DialogBoxParamA
GetActiveWindow
SetWindowPos
IsCharAlphaNumericW

ole32

CoFreeLibrary
CoUnmarshalHresult
OleFlushClipboard

kernel32

GetCurrentProcessId
CopyFileW
CreateProcessW
SizeofResource
HeapFree
GetStartupInfoA
SetFileAttributesA
HeapDestroy
DeleteAtom
InitializeSListHead
LocalAlloc
AddAtomW
LocalFree
GetProcAddress
LoadLibraryExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
InterlockedExchangeAdd
HeapCreate

Sections

.text
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ