2b42a05ad6490690b579da6322fd1adf_JaffaCakes118 | Triage

Sharing

General

Target

2b42a05ad6490690b579da6322fd1adf_JaffaCakes118
Size

74KB
MD5

2b42a05ad6490690b579da6322fd1adf
SHA1

f6efc8a9e2819d781e0030a95e42e7cfb7afaa88
SHA256

2dd2f1471d8188a4fdcad08132c24a45b9a2d73ecd7ccfd1ce394618d1f76f97
SHA512

35892a47d653923aa2a11f172e6501458648973837fa8ee18717a330e3b16bfbab239735d29f26859e05af878d89355595d4205873e6df7754cdfc2962cc8663
SSDEEP

1536:oV4gRK1IvnJqqMgihPR69IlaSrxN4cdFTG6Uja7hIZ8McqqM:e4ggfjR6YNn4Pja72Z1Fr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b42a05ad6490690b579da6322fd1adf_JaffaCakes118

Files

2b42a05ad6490690b579da6322fd1adf_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6af582334aa27ac485cbffcd80b58d0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
CreateThread
ExitProcess
IsBadReadPtr
GetProcAddress
lstrcmpiA
LoadLibraryA
VirtualProtect
VirtualAlloc

user32

SendMessageA
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
SetTimer
DefWindowProcA

Exports

Exports

fgdfgddfgffg
sfgdfggtbfdb
start

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ