2e883d74732635005ad1d086d148f92d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e883d74732635005ad1d086d148f92d_JaffaCakes118
Size

1.0MB
MD5

2e883d74732635005ad1d086d148f92d
SHA1

f2a38b2d333b0cae81e05477c20574a4634de147
SHA256

fe4c5ff037287a1072681d84b66cac94c8236f0b3d089e4bb0e8e03100176538
SHA512

aa8e9681bedb190140e630572534bba5c990324b2b93b7433e6be97d595fbf02c2d37a1a4d4a687f21f475b17636cfa6e7ff18165e6dd96d75b63ec1f428e341
SSDEEP

24576:BfNZp8dvocvDvZ6Gm/e3PIUXYzvixPbIWAL2SgNTY7v:nb8YCYzmSqTI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e883d74732635005ad1d086d148f92d_JaffaCakes118

Files

2e883d74732635005ad1d086d148f92d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2b8d45d1c5563804664b94f86bb6af7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

ole32

CoTaskMemFree

comctl32

_TrackMouseEvent

urlmon

URLDownloadToFileA

wininet

InternetGetConnectedState

shell32

ShellExecuteExA

Sections

.text
Size: 1.0MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE