2c93045c3b89ec63e97a8d8b35c51306_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c93045c3b89ec63e97a8d8b35c51306_JaffaCakes118
Size

80KB
MD5

2c93045c3b89ec63e97a8d8b35c51306
SHA1

347f287a90abdeba4488445f16321f7855b7f53c
SHA256

b5cd5c5d423e83f6f434d57337124d17313b45ce2c0883c38a8ab2617a71ff6c
SHA512

53fc50a09b68f39dc94ff50ae367cb35a3e5eded9dd2c2a5464a59ce43d7bd17fbfc421b88803182cb8c86e2d2df7d74a8bf682d4a2091a7f86d0c8482970a2e
SSDEEP

192:BCOAnt5leOmZHcEBdlUuWYM+XK2i9Wq72zP4187FRSP1oynqMYchfM8Pr:BzGnW8gbyj9d2zP42FR819ThN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c93045c3b89ec63e97a8d8b35c51306_JaffaCakes118

Files

2c93045c3b89ec63e97a8d8b35c51306_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab5feb8eeb47e78ba0b402e6623cbac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
MoveFileA
DeleteFileA
Sleep
GetTempPathA
CreateProcessA
ResumeThread
SetFileAttributesA
GetWindowsDirectoryA
GetModuleHandleA
GetStartupInfoA

advapi32

RegSetValueExA
RegCloseKey
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyA

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetOpenUrlA

msvcrt

memset
_onexit
__dllonexit
_chkesp
strlen
vsprintf
??3@YAXPAX@Z
memcpy
strcpy
??2@YAPAXI@Z
fwrite
fread
_controlfp
fclose
fprintf
strftime
localtime
time
fopen
strcat
strstr
sprintf
fseek
atoi
memcmp
strcmp
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3

Sections

.data
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 749B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ