2a90c9709d6c8ed6cdfa25ecdbb40377_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a90c9709d6c8ed6cdfa25ecdbb40377_JaffaCakes118
Size

19KB
MD5

2a90c9709d6c8ed6cdfa25ecdbb40377
SHA1

c2a687d0cabea177d86610c3e099a59d9e1869b1
SHA256

818601988139d0600ee3e326e78417afa611c4e587c7eb59e868bd98513ce99b
SHA512

a51ec1cf652d77a2bf20750c5469f9e1441fca45efa4d61681888c8d1dc6bdf1c44ed0e221810593be10d92b70fae6c29f3cc0739206a6bae5bbac5a1c89cf56
SSDEEP

192:i1uOk3JOSrVb364DnMC1vP9U6VKfRyvV4ga+w+s5DFfoHYXvKjf2ggv:8g1dDnXPWiKfw+gN6FfoHYXvwOvv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a90c9709d6c8ed6cdfa25ecdbb40377_JaffaCakes118

Files

2a90c9709d6c8ed6cdfa25ecdbb40377_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ced34bc638e657690c17810fb1af675f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessInternalW
GetCurrentProcessId
lstrcmpA
GetACP
GetUserDefaultLangID
IsDBCSLeadByte
GetCommandLineA
VirtualAlloc
GetSystemDefaultLCID
TlsFree
GetLogicalDrives
GetModuleFileNameA
lstrcatA
GetDriveTypeW
GetCurrentThread
TlsSetValue
GetModuleHandleW
TlsGetValue
GetOEMCP
GetCurrentThreadId
FreeLibrary

user32

GetActiveWindow
GetWindowLongA
GetDC
UpdateWindow
IsWindowVisible
GetClassLongA
ShowWindow
GetWindowTextLengthA
GetFocus
GetForegroundWindow
IsIconic
CloseWindow
GetWindowDC
GetSystemMetrics
RegisterClassA
GetWindowTextA
GetWindow
ReleaseDC
BeginPaint

imagehlp

CheckSumMappedFile
FindFileInPath
FindDebugInfoFile
BindImage
ImageLoad
ImageNtHeader

sxs

CreateAssemblyCache
SxsInstallW
CreateAssemblyNameObject
SxsLookupClrGuid

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 581B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ