2ccd31982ac893208b8d7a5927fe934a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ccd31982ac893208b8d7a5927fe934a_JaffaCakes118
Size

182KB
MD5

2ccd31982ac893208b8d7a5927fe934a
SHA1

eae1e4213f822837148e2e59be018c7f2c9a2a4f
SHA256

90520bee17af5ca7b51e88520e292f5838566479625c007f49b9fab1b62e2bc1
SHA512

21a89dc1a16d9567f597c430400ce0b8e2a2f23ec3ce3bfb2b4e184b31dd4409df019d13b521f6d281f9504843b195404efe781eb0255acceb96ec25e7af3aae
SSDEEP

3072:yE1D7tTM++t3kD7yisPcLdFpOh4fgUoDsPCmsmpvmXm6dExD5fklh5/F6ZTiVPkJ:xD7tYdTimERdtvmXm6dEleN/F6liyG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ccd31982ac893208b8d7a5927fe934a_JaffaCakes118

Files

2ccd31982ac893208b8d7a5927fe934a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0325fffcedf4b01f9ef8a68d3cb5d884

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

TextOutA

winmm

waveOutGetPosition

Sections

CODE
Size: 174KB - Virtual size: 644KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE