2e952ba285a6afb7a32cc1362f389cc4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e952ba285a6afb7a32cc1362f389cc4_JaffaCakes118
Size

26KB
MD5

2e952ba285a6afb7a32cc1362f389cc4
SHA1

a3767a3704486df9e3232c1d1fd56537f3de5b97
SHA256

63fded649b5db432d1652c98907af7d8b82105c0a64ad4cccd2b0498ff8bb908
SHA512

127912bf01fb8607d4a19f6a17f6441173f61cb5726658f234510e0f5fcbab99b7cc672365f47a620fb3e3ed2c4d8c913302cba1f529c026dcaa3fc25d36981a
SSDEEP

768:EoQX59w38uUGoKpoEfoklaTFknj/2aKS:Awvkkj/h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e952ba285a6afb7a32cc1362f389cc4_JaffaCakes118

Files

2e952ba285a6afb7a32cc1362f389cc4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

531b97969bdb02e124f3b55757ba5b42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_WDM_DRIVER
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleCommandHistoryLengthA
GetPrivateProfileStructW
GetPrivateProfileSectionA
CreateJobObjectA
GetConsoleInputExeNameA
GetStringTypeExW
OpenFileMappingW
GetConsoleCommandHistoryLengthA

user32

GetClassNameW
WinHelpA
CharUpperA
ChangeDisplaySettingsW
DialogBoxParamW
SetWindowLongA
CopyAcceleratorTableW
CopyAcceleratorTableW
EnumWindowStationsA
SetWindowsHookExA

gdi32

RemoveFontResourceW
DeviceCapabilitiesExA
RemoveFontResourceExA
GetObjectA
GetTextExtentPointA

Sections

.tls
Size: 20KB - Virtual size: 17.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.masm
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.icode
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 1024B - Virtual size: 825B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ