2f3297811241cfd01c056f65b87e4604_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f3297811241cfd01c056f65b87e4604_JaffaCakes118
Size

24KB
MD5

2f3297811241cfd01c056f65b87e4604
SHA1

7d5191c34d76e1ef96af1d6b06e46279cdf6a321
SHA256

c8a65074e57559d14b6cc20470be6236589bc2987698cc75c34de36202d4d099
SHA512

8fd86ee122640f7fa258c49df2609d3a33261dd4372c3467f29d5936ff34b2301e1f5a89e2ea26747445211143478d3e6296df87a062f00946c2693ba5639cf9
SSDEEP

768:bVSaXKGuZ7dSNLcVFbiyiu3N0fSZc9A05Nf:braGlNLcziR8N0fSqjb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f3297811241cfd01c056f65b87e4604_JaffaCakes118

Files

2f3297811241cfd01c056f65b87e4604_JaffaCakes118
.exe windows:1 windows x86 arch:x86

54ae286b387238888a3b7bb128a308a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnumPropsExA
IsCharAlphaNumericW
GetIconInfo
GetWindowWord
NotifyWinEvent
CreateDialogParamA

oleaut32

VarR8FromR4
VarR4FromUI1
VarUI4FromUI2
VarBoolFromUI2
GetRecordInfoFromTypeInfo
VarCyRound

shlwapi

PathCombineW
StrRetToBufA
SHQueryInfoKeyA
StrCatBuffA
PathRelativePathToW
PathStripPathA
PathCompactPathExW

ntdll

NtEnumerateKey
ZwQuerySecurityObject
RtlUnicodeStringToAnsiString
RtlIdentifierAuthoritySid
NtQueryAttributesFile
RtlPinAtomInAtomTable

ole32

OleGetAutoConvert
HICON_UserUnmarshal
CoMarshalHresult
IsValidIid
RevokeDragDrop
OleConvertOLESTREAMToIStorageEx
StgIsStorageILockBytes
CreateFileMoniker

shell32

SHBrowseForFolderW
SheShortenPathA
FindExeDlgProc
SHFreeNameMappings
SHGetMalloc
SHAppBarMessage
SHGetDiskFreeSpaceExA

Sections

.idata
Size: 13KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE