Static task
static1
Behavioral task
behavioral1
Sample
2ce5fd6cd38f0834d60a06043240d0fa_JaffaCakes118.exe
Resource
win7-20240704-en
General
Target: 2ce5fd6cd38f0834d60a06043240d0fa_JaffaCakes118
Size: 270KB
MD5: 2ce5fd6cd38f0834d60a06043240d0fa
SHA1: 76a0456043930456a668deb63e300892b75362f1
SHA256: 12c2962bee65ddae6424d3531886ea63aab7835c6986dd6201e93a13c07cfe14
SHA512: 9659e674a1b8c6b3887a3353c7f1268d13b47359b6158b4dccd3b804a3bb925bff91b62f0892cf5c15c96f70be7632ee65880c62ce1a383beb43c75c8a7b38d8
SSDEEP: 6144:drtBntnDfHzG+z/K1097NofSQO+rYaSGYnf2Pg2U:drvZTGb1aho5rYa0OPj
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2ce5fd6cd38f0834d60a06043240d0fa_JaffaCakes118
Files
2ce5fd6cd38f0834d60a06043240d0fa_JaffaCakes118.exe windows:4 windows x86 arch:x86
b25c68d86de020c8cee8cc6ef601a3c6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
HeapFree
VirtualQuery
VirtualAlloc
HeapDestroy
VirtualFree
HeapAlloc
GetSystemTimeAsFileTime
SetLastError
HeapCreate
QueryPerformanceCounter
EnumSystemLanguageGroupsW
IsBadWritePtr
GetWriteWatch
TlsAlloc
HeapReAlloc
GetCurrentProcessId
TlsFree
shell32
SHChangeNotify
SHGetMalloc
SHGetPathFromIDListW
shlwapi
PathAddBackslashW
oleacc
CreateStdAccessibleObject
CreateStdAccessibleProxyA
user32
LoadStringA
GetWindow
LoadImageA
DestroyIcon
GetDlgItem
CreateWindowExA
SetWindowTextA
GetParent
winmm
mciSendCommandA
Sections
.text Size: 93KB - Virtual size: 93KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 141KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 173KB - Virtual size: 173KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ