2c3cd193e9f3bfced9256b1b9a4d8ebe_JaffaCakes118 | Triage

Sharing

General

Target

2c3cd193e9f3bfced9256b1b9a4d8ebe_JaffaCakes118
Size

636KB
MD5

2c3cd193e9f3bfced9256b1b9a4d8ebe
SHA1

b33950b5f62b91de5f25a58806b253ca5ae28aae
SHA256

dc8bc5b6fc4826571be9a4794c823d45722c8f5d1999316cd658901ecc9984c5
SHA512

a30e5a400a7244ed7cc66134a82503885a6cbcfd61d31334355a4aad8c600b5bc1bf1797c7d4640ebc817b0486bffe390fe60b0c23982968019c3967b298b82c
SSDEEP

12288:DXsETlBnPVibcHXn+XrKiE9DamsHaEcdrVQilrJQwhe9aEAyvU:7sEJR8bwfUH8rVQilrmwA9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c3cd193e9f3bfced9256b1b9a4d8ebe_JaffaCakes118

Files

2c3cd193e9f3bfced9256b1b9a4d8ebe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2d0d75d3bbbd14d7e120e8617efa332a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetConsoleCP
LocalSize
HeapCreate
GetSystemDefaultLangID
LoadLibraryExA
VirtualProtect
SuspendThread
WaitForSingleObject
InterlockedExchange
CompareFileTime
lstrlenA
WaitForMultipleObjects
HeapReAlloc
CloseHandle
GetAtomNameA
GetCommandLineA
GetConsoleDisplayMode
GlobalUnlock
GetTickCount
GetVersion

gdi32

FloodFill
EngLineTo
BeginPath
GetStringBitmapA
GetMetaRgn
DeleteDC
CreateICA
CreateFontA
DeleteObject
GetRgnBox
EndPath
Escape
AbortPath
EqualRgn
Ellipse
GetTextColor
GetFontData
GetMetaFileA
CreatePalette

rastapi

PortClose
DeviceConnect
DeviceListen
DeviceDone
AddPorts

dhcpsapi

DhcpAddServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ