2b8241b49176640e53e2ed3be96901ec_JaffaCakes118 | Triage

Sharing

General

Target

2b8241b49176640e53e2ed3be96901ec_JaffaCakes118
Size

20KB
MD5

2b8241b49176640e53e2ed3be96901ec
SHA1

3e1ff2000ef32f9c66177931dba1e174a9e1b647
SHA256

04617c39cdf936e522661ada1b191c8a83d7b8354534763fb7bcd0398ee7bfb2
SHA512

bf4479d261bc6ba21a01e55557be15f1c5ed688e8db151874189b55aa59d128fd7ad0f330281dd206f9d842b09f20c715f423e3a9c7079ada3bfbdccef66646e
SSDEEP

384:/o5plZGa10obgEk+sKfA7Hj4nvZu8YlLP1TW0:A5pzGa1DkEkpKNZu8YlLP1T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b8241b49176640e53e2ed3be96901ec_JaffaCakes118

Files

2b8241b49176640e53e2ed3be96901ec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

935f817cb7a5ed4999eb556ca1c1009d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
FindResourceA
GetModuleHandleA
GetSystemDirectoryA
WaitForSingleObject
SetThreadPriority
CreateThread
TerminateProcess
OpenProcess
LoadResource
OpenEventA
GetCurrentThreadId
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
LockResource
DeleteFileA
WriteFile
Sleep
GetModuleFileNameA
LoadLibraryA
ExitProcess
GetWindowsDirectoryA
CreateFileA
GetFileTime
SetFileTime
GetCurrentProcess
CreateEventA
CloseHandle

user32

SendMessageA
GetWindow
EnumThreadWindows
GetWindowTextA
GetClassNameA
PostMessageA
DestroyIcon
GetThreadDesktop
CheckDlgButton
CheckMenuItem
CheckMenuRadioItem
CheckRadioButton
CloseDesktop
wsprintfA
FindWindowA

gdi32

ArcTo
BitBlt
CancelDC
Chord
Arc
CloseEnhMetaFile

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ