2f70d0ab9f16e704f83fbca7e4b8a1b4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f70d0ab9f16e704f83fbca7e4b8a1b4_JaffaCakes118
Size

313KB
MD5

2f70d0ab9f16e704f83fbca7e4b8a1b4
SHA1

fb9e65b561980e15165aef75b68b241bef04fb0b
SHA256

e9efb9d4d905f4c14c1df417d6e3d7074acd1fa30b973c0d71a4c5275232a279
SHA512

be86539a5112377bd7e6ef1b7056797ba30ad9660c364b4eb223447f573ac4b344bd3da5c7026bdd15719535e5c0e4805ff812015469af589f7f708460c37fa5
SSDEEP

6144:4PH/wwALEUzYa1Qvq9bQDbafszUuXjncFTB91arSFGciNoixv4UOEs:4P/wP44KyxQbaUzUuXUfgrpciNoixv4H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f70d0ab9f16e704f83fbca7e4b8a1b4_JaffaCakes118

Files

2f70d0ab9f16e704f83fbca7e4b8a1b4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df4c8043be661ef46bd857b8cf484dd2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteAtom
GlobalLock
RaiseException
GlobalFree
GetCommState
WriteProcessMemory
LoadLibraryExA
GetProcessHeap
ExitThread
GetTapeStatus
FindAtomA
EnterCriticalSection
CreateHardLinkA
ClearCommBreak
GetStdHandle
GetOEMCP
VirtualAlloc
GetProfileStringA
GlobalFlags
GlobalCompact
CloseHandle

user32

GetWindow
IsIconic
CloseWindow
GetActiveWindow
EndPaint
GetForegroundWindow
GetWindowTextLengthA
DrawEdge
GetDC
GetWindowTextA
BeginPaint
ValidateRect
RegisterClassA
GetParent
ShowWindow
GetClassNameA
GetClassInfoExA
ReleaseDC
GetFocus

wsock32

WSAIsBlocking
WSAAsyncSelect
WSAGetLastError
WSAStartup
WSACleanup

dot3api

Dot3SetProfile

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ