2c7f678286ca8ba7ee22a30f0fc57bf5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c7f678286ca8ba7ee22a30f0fc57bf5_JaffaCakes118
Size

252KB
MD5

2c7f678286ca8ba7ee22a30f0fc57bf5
SHA1

8cebb9725c84b4a907ac31fb9fd41c2776b65f30
SHA256

0296ad49e8141a81b54521268076fee641f7cd7a7851315ee9beddb0b14400fc
SHA512

984106e36f9665ef09d22886ab62ee13ddf33d8b0218e127b01f3c4ab2f3177da9806788c16d4b2363c098fe7387109b00f16103905d8bd31e8bc1dd83f74474
SSDEEP

6144:7V3kkrkkkY6YALEvpN/MpYb+6CmGOCvTKT2Ihrwynrale6S:x6YALePkSxCvdIhRd6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c7f678286ca8ba7ee22a30f0fc57bf5_JaffaCakes118

Files

2c7f678286ca8ba7ee22a30f0fc57bf5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

db701605731f4c56d9f477b853ee5c12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
TlsSetValue
TlsFree
GetLogicalDrives
VirtualAlloc
GetCurrentThread
GetCurrentProcessId
GetSystemDefaultLCID
CreateProcessInternalW
IsDBCSLeadByte
FreeLibrary
GetCommandLineA
GetUserDefaultLCID
GetCurrentThreadId
GetOEMCP
GetModuleFileNameA
lstrcpyA
GetDriveTypeW
GetACP
TlsGetValue
lstrcatA

user32

IsIconic
CloseWindow
GetDC
GetForegroundWindow
ValidateRect
IsWindowVisible
RegisterClassA
GetWindowLongA
GetSystemMetrics
GetWindow
UpdateWindow
ShowWindow
GetFocus
GetClassInfoExA
GetWindowDC
GetWindowTextLengthA
ReleaseDC
GetWindowTextA
GetActiveWindow

imagehlp

ImageNtHeader
FindFileInPath
ImageLoad
FindDebugInfoFile
CheckSumMappedFile
BindImage

oleacc

LresultFromObject
DllRegisterServer
GetRoleTextA
GetStateTextA

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ