2c62be4d56e802cf5992991b5d40730c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c62be4d56e802cf5992991b5d40730c_JaffaCakes118
Size

1.5MB
MD5

2c62be4d56e802cf5992991b5d40730c
SHA1

32a1251a4423c924a3c03cd3aeea2e524df47c96
SHA256

c9c6149fa5865d9542fd0a1fec9c2f03da848bc520fd0a1a90cc6eb1040f2964
SHA512

0997ba1f4c25b7e5bc1db59da4d468c1a79abf7c244035c5a24f5daa96911734a7121669c89975b3d5a10b22649ede69b8923f5cd88023e102eb58d936d91286
SSDEEP

49152:4JWt82LgyJCry4kBMbg1CiZ8JZHpryom+A:4y82LgyJC3kBMbgMiZSHoom+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c62be4d56e802cf5992991b5d40730c_JaffaCakes118

Files

2c62be4d56e802cf5992991b5d40730c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ca2736db792c3c6d1c98a1f32f5a98e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetProcessVersion
MoveFileA
VirtualProtect
GetTempFileNameA
CloseHandle
GetCommandLineA
GetStartupInfoA
ExitProcess

ntdll

ZwSaveMergedKeys
RtlCompressBuffer

Exports

Exports

Yxwnyqupfnu
Onwowxo
CreateToxumrthtjr

Sections

.text
Size: 4KB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lrslr
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ