2f2527f31cce09213062127b0d94e56b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f2527f31cce09213062127b0d94e56b_JaffaCakes118
Size

45KB
MD5

2f2527f31cce09213062127b0d94e56b
SHA1

652cf69c02d8f07155f52aaddefbf7f5a5d8b9cb
SHA256

f74061f618b92d1a4e9b89eeec13b57eba0d8d23594d83678bf42789cb4bf46e
SHA512

75921043136440a0393c61c97eb9ed56f5b562ebcdfc038474c04f0adb99ac246191722bea715ce347e37beafd28a9796dbae0a6c0758b024ceee19976fa32fa
SSDEEP

768:0WN+17KTWIQO361PIPOq0KCYBQLnmDuTsXTPs8bya49etT6r7P1ZoRbHT24eS33e:0bKTDVkhnmDYsDPs8v49cqATiS0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f2527f31cce09213062127b0d94e56b_JaffaCakes118

Files

2f2527f31cce09213062127b0d94e56b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c7585df99d2bb3acb27b64130630347f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

StringFromGUID2
CoCreateGuid

kernel32

WriteFile
CreateFileW
GetEnvironmentVariableW
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetProcAddress
CloseHandle
GetEnvironmentVariableA
lstrcatA
lstrcpyA
GetShortPathNameA
GetModuleFileNameA
ExitProcess
CreateProcessA
Sleep
GetStartupInfoA
GetModuleHandleA

shell32

ShellExecuteA

advapi32

RegCreateKeyExA
RegSetValueExW
RegCloseKey

user32

wsprintfW
wsprintfA

msvcrt

_acmdln
__p__fmode
_controlfp
_except_handler3
wcslen
memcpy
memset
??2@YAPAXI@Z
_exit
_XcptFilter
exit
__p__commode
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type

Sections

.data
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE