2d737d1689f194b765257a3041f960cc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d737d1689f194b765257a3041f960cc_JaffaCakes118
Size

416KB
MD5

2d737d1689f194b765257a3041f960cc
SHA1

d3dffcdd68828bf459f3452116c76d21605970b0
SHA256

4898d70bbd586980d1191571b211627a3024e614d5c145c4fa82e81044b3a667
SHA512

5d879e6b43e94394dffc2859885fbf8676152d2c441691042fa3f4f0abcdcb2e1e357f42c301c30a995a1f24f5a98ae70b44062d273debcc46b80258c26c9b0e
SSDEEP

6144:46b2I7dBJY+l8EAnddMJfnDnDYiktjAg2SDj2uqLUITtjtz:46qIprYLsr0iktjrpDSFJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d737d1689f194b765257a3041f960cc_JaffaCakes118

Files

2d737d1689f194b765257a3041f960cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c5f18d75c0aa80f1c40dfa6bb95bfdf2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetSystemDirectoryA
GetLastError
InterlockedExchange
HeapCreate
VirtualProtect
GetACP
GlobalAddAtomA
GetLocaleInfoA
CloseHandle
GetLogicalDrives
GetCommandLineA
Sleep
GetStdHandle
GetFileAttributesExA
LoadLibraryExA
LockResource
GlobalAddAtomA
EnterCriticalSection
SetErrorMode
GlobalFree

user32

EndPaint
GetWindowTextA
ReleaseDC
ShowWindow
FillRect
DrawTextA
FrameRect
wsprintfA
GetParent
GetFocus
FlashWindowEx
GetWindow
ValidateRect
SetForegroundWindow
BeginPaint
GetActiveWindow
IsIconic
GetCursorPos
GetClassNameA

httpapi

HttpAddUrl
HttpAddFragmentToCache
HttpInitialize
HttpTerminate
HttpCreateHttpHandle

winhttp

WinHttpOpen

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ