Sample
2b7b00c38e3eed61b58892716b1eb89d_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
2b7b00c38e3eed61b58892716b1eb89d_JaffaCakes118
-
Size
223KB
-
MD5
2b7b00c38e3eed61b58892716b1eb89d
-
SHA1
c5fc6d9052019d6c0c573e61968376465ec115f8
-
SHA256
29d3ac9fae97c894ae46ac99b6d96fa33a891ca9629b4f14be90f2954aae4183
-
SHA512
af12bf0a02424bfbe1d8505385ad73984ff9637016d88cfe0f5c2dce56e24f0304fe500fafcb9e465acd4c2d67d1551ba52eb3c1be03eb6b95aa682fced8b1af
-
SSDEEP
6144:9mTH9dcMf6QvX0EBehCgA5AM3nme9pYwltD:ABvX0qehC55d3XXhbD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
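Checks for a missing Authenticode signature: the PE carries no signature, so its publisher and integrity cannot be verified from the file itself.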
resource 2b7b00c38e3eed61b58892716b1eb89d_JaffaCakes118
Files
-
2b7b00c38e3eed61b58892716b1eb89d_JaffaCakes118.exe windows:4 windows x86 arch:x86
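6039c26165040db47e28057ca34786ef (unlabelled on the page; from its position under the file entry this is presumably the PE import hash — confirm before using it as an indicator)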
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
srand
memcmp
strcat
isdigit
isspace
memcpy
rename
memset
_EH_prolog
__CxxFrameHandler
strcmp
strncpy
strstr
strcpy
rand
abs
strlen
user32
MessageBoxA
wvsprintfA
kernel32
GetModuleHandleA
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
GetProcAddress
GetTickCount
GetStartupInfoA
GetCommandLineA
ExitProcess
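Sections
Note: .text and .rsrc are each flagged both writable and executable, and .text carries IMAGE_SCN_CNT_INITIALIZED_DATA with no code flag listed. Together with the short import table that includes LoadLibraryA and GetProcAddress, this layout is consistent with a packed or self-modifying image, so the static imports and strings may not reflect runtime behaviour.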
.text Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 10KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE