Static task
static1
Behavioral task
behavioral1
Sample
2ef60e3dd420b799000e512ad6e5175b_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2ef60e3dd420b799000e512ad6e5175b_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target
2ef60e3dd420b799000e512ad6e5175b_JaffaCakes118
Size
752KB
MD5
2ef60e3dd420b799000e512ad6e5175b
SHA1
bb8108535ad5be630564e273ce43fb7b2b16eec9
SHA256
e1a483f7b6cb5211665fc4d96a8a05fb3d61418e8136ec31b312f15feca4ea07
SHA512
ee81188467b0d655289a49ccd3ea574210f686f5423a72b83dc8b7513b75f73b86562fc6dc140c3232fefd2ae0dbeef36a219b6d590d19bf5e94993707b0b5d7
SSDEEP
12288:KEn5KJqu21fD4I3tBDaGXlAK87jfNL60B3edPQ9qX2ns:KEEJqu21f0Idl7VAK87jfNL60edPQ9q4
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2ef60e3dd420b799000e512ad6e5175b_JaffaCakes118
Files
2ef60e3dd420b799000e512ad6e5175b_JaffaCakes118.exe windows:4 windows x86 arch:x86
5fdf085ffe31c4a92c4fc124a432a050
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
ShellExecuteA
SHGetSpecialFolderPathA
shlwapi
StrChrIA
StrStrA
kernel32
lstrlenA
lstrcpyA
lstrcatA
CloseHandle
CreateFileA
ExitProcess
FindResourceA
FreeLibrary
GetCurrentDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetVersion
LoadLibraryA
LoadResource
LockResource
RtlZeroMemory
SizeofResource
Sleep
WriteFile
comctl32
GetMUILanguage
Sections
.text Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 798B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 735KB - Virtual size: 735KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE