2e1afc079699a5cacb41a04a1e988028_JaffaCakes118 | Triage

Sharing

General

Target

2e1afc079699a5cacb41a04a1e988028_JaffaCakes118
Size

32KB
MD5

2e1afc079699a5cacb41a04a1e988028
SHA1

51cb33dc7973bc1416b26523eddeab49a1b0cd60
SHA256

9cf0206b22e2a6cf263ce9795ca1dd8b5e2eae5950a3ef6720f105a3e6227127
SHA512

533c3ab5ff36912608fe5ff271c03d3176af04769ae9ffb5bb8bf27f7c951cfba2ecc322ff1aaccd00cc618fd5b01a52b7bedfb6f769be6865c191d9cfeff7d4
SSDEEP

192:JNNKdQnIOwbg5ijL5kWVObj3L74lRdcL0Yg55CMiwdiwG0RKBKDOr:JNA2IDMaFuf7UcLFa5CfwowG0aKDY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e1afc079699a5cacb41a04a1e988028_JaffaCakes118

Files

2e1afc079699a5cacb41a04a1e988028_JaffaCakes118
.exe windows:4 windows x86 arch:x86

415f8b1842848653a029da4ff5fd63eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

sprintf
modf
strncpy
strncmp
tolower
_ftol
_strnicmp

kernel32

WaitForSingleObject
Sleep
GetTickCount
GetStartupInfoA
CreateProcessA
IsBadReadPtr
HeapFree
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc

user32

EnumWindows
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
MessageBoxA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
SetTimer

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE