Static task
static1
Behavioral task
behavioral1
Sample: 2b11e99d4b3a48cb64efbdf14e4f9f86_JaffaCakes118.exe
Resource: win7-20240221-en
General
Target: 2b11e99d4b3a48cb64efbdf14e4f9f86_JaffaCakes118
Size: 180KB
MD5: 2b11e99d4b3a48cb64efbdf14e4f9f86
SHA1: a6270cae34c498468780b17fb2d4809d8d1b30b1
SHA256: 0966ec4da46a44dd35a9b8a8d66f7063c5672cd1aac1f73705b7ad1fe23c1bb8
SHA512: 8c7bf07f9974df74a1dbb3e36c917227dfec96e460a86f3d39e5442f4f4427f42888b34f411338ad8ec57bec9ba569ca9e77b113542f6cbaf49264f0faba065c
SSDEEP: 3072:nJUS1oTI6/sEKXVsmmoPpfLUr+lh94Ara7HOX1KrljtVWTrAIvh6DTZsB8TP:nX1oTE9Xnpwylbza7IOJtVAkIvYfZ68b
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2b11e99d4b3a48cb64efbdf14e4f9f86_JaffaCakes118
Files
2b11e99d4b3a48cb64efbdf14e4f9f86_JaffaCakes118.exe windows:4 windows x86 arch:x86
0235c5498e7f0e1452d33e9063a9804e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalGetAtomNameA
TlsSetValue
HeapSize
GetOEMCP
WriteConsoleA
HeapReAlloc
VirtualAlloc
TlsGetValue
GetConsoleOutputCP
IsValidCodePage
TlsAlloc
GetCPInfo
MultiByteToWideChar
EnumResourceTypesA
IsSystemResumeAutomatic
SetFilePointer
GetDateFormatA
GetTimeFormatA
RtlUnwind
GetLocaleInfoA
SetStdHandle
GetACP
RaiseException
version
GetFileVersionInfoA
shell32
SHDefExtractIconA
SHGetPathFromIDListA
ShellExecuteExA
SHBrowseForFolderA
SHGetFileInfoA
DragAcceptFiles
Shell_NotifyIconA
Sections
.text Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 89KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ