2a57bb8baeb48e48c345ab6e85eb1176_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a57bb8baeb48e48c345ab6e85eb1176_JaffaCakes118
Size

166KB
MD5

2a57bb8baeb48e48c345ab6e85eb1176
SHA1

1585afe2fc8330e406edc40a8d7d03fc53f9ad95
SHA256

904d44f9b516a1bba214515ee5d204e4e092a18cbca02ab601de29d3eb5c305c
SHA512

b1d89830ffb1605c41399f9055044ca9f428e026c3e2b6ff31902106b8dbfff1ac318c95e7462ce5ee937a66ab2f1599804f4221aad3ed64681164290eacefad
SSDEEP

3072:FNRzR09Fcbl73nSeAuBp0M1moeEn/mfbugdc5bXOc:nNRcgRnSuBp/mQn/ydcp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a57bb8baeb48e48c345ab6e85eb1176_JaffaCakes118

Files

2a57bb8baeb48e48c345ab6e85eb1176_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d71096709f30cb6db80e5446193f087d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoGetMalloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CoTaskMemRealloc

gdi32

SelectObject
GetDeviceCaps
GetTextExtentPointA
GetTextMetricsA
DeleteObject
CreateFontIndirectA

kernel32

WriteFile
GetCPInfoExW
TlsGetValue
GetStdHandle
MultiByteToWideChar
EnterCriticalSection
GetEnvironmentStrings
GetFileType
GetTickCount
GetVersionExA
GetEnvironmentStringsW
GetACP
FreeEnvironmentStringsA
SetHandleCount
TlsSetValue
LeaveCriticalSection
QueryPerformanceCounter
EnumResourceTypesA
RaiseException
UnhandledExceptionFilter
InterlockedExchange
FreeEnvironmentStringsW
GetLastError
InitializeCriticalSection
GetOEMCP
HeapSize
WideCharToMultiByte
GetStartupInfoA
GetEnvironmentStringsW
InterlockedIncrement
lstrlenW
GetThreadLocale
DeleteCriticalSection
GetCPInfo
GetLocaleInfoA
GetCurrentProcessId

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ