2b39a36549b591b2858e607f8561d9a4_JaffaCakes118 | Triage

Sharing

General

Target

2b39a36549b591b2858e607f8561d9a4_JaffaCakes118
Size

71KB
MD5

2b39a36549b591b2858e607f8561d9a4
SHA1

c479d036d419184cb5fd18c36692717c9e478e36
SHA256

87e7adaaa3a3c2debd6e2fd68b998369958bc2b920ef2d7280e2dd108616f253
SHA512

8abf61156320f84f01a2cf92ab81d670152fd6fd9228baced886383ef9ea94a8ff92a116d5c7243970aa9070b2fde2de53ae8f232d31b2a683874fbd80f157ee
SSDEEP

1536:r5tpMe005oNd+6BoNuH9OjdTpPDRAvTDk:rJMkgUuHGdVP9AvTw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b39a36549b591b2858e607f8561d9a4_JaffaCakes118

Files

2b39a36549b591b2858e607f8561d9a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

940c811c54b2297b15c6af2191222ca2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetACP
GetThreadPriority
FlushFileBuffers
HeapDestroy
GetCurrentProcessId
GetEnvironmentStringsA
VirtualProtect
DeleteAtom
GetCurrentThread
InterlockedExchange
GetStdHandle
WriteConsoleA
GetTimeFormatA
LoadLibraryA
FormatMessageA
GetCurrentProcess
IsDebuggerPresent
OpenSemaphoreA
HeapCreate
GetExpandedNameA

user32

IsIconic
ShowWindow
GetParent
GetWindow
ReleaseDC
GetClassNameA
FrameRect
GetWindowTextLengthA
BeginPaint
GetFocus
SetForegroundWindow
wsprintfA
DrawTextA
GetCursorPos
SetActiveWindow
EndPaint
FillRect
GetDlgItem
ValidateRgn

advapi32

RegCloseKey
RegEnumKeyA
RegFlushKey
RegQueryInfoKeyA
RegCreateKeyA

uxtheme

GetThemeSysFont

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 708KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ