2b24a7fd3a6c1afdfd09fdb2d30aa6d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b24a7fd3a6c1afdfd09fdb2d30aa6d7_JaffaCakes118
Size

208KB
MD5

2b24a7fd3a6c1afdfd09fdb2d30aa6d7
SHA1

6bef8539afefc6756d36a67521fbc8f00dade314
SHA256

0f861393682411832c9dd9eb025b34e0774b41b36aa5acb4dfb1236e317c10dc
SHA512

840a41051a4aa35cc2206f26f8687e11b142a94aef64c43d0d15dc38bafa01cf6b88af54cd4f23173d680c7448f1916b3681f7941128543a054b6b6e5ed2a079
SSDEEP

6144:8wlx3FhGwf8rZ/GgCVx063Qtx6HfutaxmeSaD:ZVs48rGVy6346/CaEKD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b24a7fd3a6c1afdfd09fdb2d30aa6d7_JaffaCakes118

Files

2b24a7fd3a6c1afdfd09fdb2d30aa6d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f8271526a65d7cc2db70f37825130015

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CloseHandle
CreateFileA
LoadLibraryA
LCMapStringA
ExitProcess
GetCurrentProcess

user32

CreateWindowExA
wsprintfA
SetWindowLongA
CharLowerBuffA
CloseWindow

advapi32

RegCloseKey
RegSetValueA
RegDeleteValueA
RegEnumValueA
RegQueryValueA
RegCreateKeyA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyA

Sections

.text
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ