2cd5274e14f0b6bf755eaa1b24a3b777_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2cd5274e14f0b6bf755eaa1b24a3b777_JaffaCakes118
Size

2.7MB
MD5

2cd5274e14f0b6bf755eaa1b24a3b777
SHA1

0524038cf5f187ba8b7ac1dd913da099316d0298
SHA256

f0b4b98aee9241f812625e130e60c33920b1402b780ffb74fc829a7d8f231b3c
SHA512

85790bf5cd361274a7928a1aecd0b4e7ae69b754a7889a8eac7e7c9e574a221b08afd61d9274fe541503024f5b320d51036d64741a54a4932afc2557dec8b7cf
SSDEEP

49152:+8Uxci8wRKWpnV+7EXcK7A4HGUdpRJTxZfPR99Vmyg9Zncbx/3g:+ZywRKWcK7zG7Zncbx/Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cd5274e14f0b6bf755eaa1b24a3b777_JaffaCakes118

Files

2cd5274e14f0b6bf755eaa1b24a3b777_JaffaCakes118
.exe windows:5 windows x86 arch:x86

88381b84da56810b869e897e6d45bd58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\ASC\Virtualization Studio\Tools\SkypeStarter\Release\Fake.pdb

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

EnumChildWindows

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.main
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stub
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ