2b57984ad3cde42cb0af1416e2bdeafc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b57984ad3cde42cb0af1416e2bdeafc_JaffaCakes118
Size

259KB
MD5

2b57984ad3cde42cb0af1416e2bdeafc
SHA1

0588e7127a22f0a7a36dda887e263867234a793c
SHA256

ede525511c4fdcbadf49405eb3a3c348208964d3eeea16b97625d77e27087cef
SHA512

7409339fe3a977cb73faee2b5893fa298d007a5a26b644f6af67b93cb0b61225ff61889d1a111ec0b03d89065db2d1d9586f4d1db1f35f1a2f869b39c33a6d3d
SSDEEP

6144:Hi+jWM2z0w804vxOGUwnQfBV890FVTnxO:C+jWJF8048z+EBV89AT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b57984ad3cde42cb0af1416e2bdeafc_JaffaCakes118

Files

2b57984ad3cde42cb0af1416e2bdeafc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e8578e630297699e6ff3ef0d6fc5fcc1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetWindowsDirectoryA
ExitProcess
CreateRemoteThread
VirtualFreeEx
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetProcAddress
LoadLibraryA
GetModuleFileNameA
Sleep
WriteFile
DeleteFileA
LockResource
LoadResource
CreateFileA
FindResourceA
GetModuleHandleA
GetSystemDirectoryA
GetCurrentThreadId
CreateEventA
OpenEventA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
SizeofResource
SetFileTime

user32

GetThreadDesktop
MapVirtualKeyA
PostThreadMessageA
GetMessageA
wsprintfA
GetInputState

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ