2f537366c6793b6a36a8d4f4e33a332c_JaffaCakes118 | Triage

Sharing

General

Target

2f537366c6793b6a36a8d4f4e33a332c_JaffaCakes118
Size

80KB
MD5

2f537366c6793b6a36a8d4f4e33a332c
SHA1

9f3838edb4b68183ae1362dc76aa5c6878ff4993
SHA256

cd5d0b98498c4c6d1ecb6c3d56212112ca6b82aad30ae5256a5c54e969f43a50
SHA512

10649c5706ebf980640a5ee4d4dd587f5040988a6ffe8894f5e0d3cf304839f1a4e506da19fd4741c74486dfbfd9154bf9c7e91c9edc1ba99594edc409d92c89
SSDEEP

768:R1+VGFeTJO0FzYNVuaUEpmjKl2Uk0jBBQARQkeYkcl:b+VGFel3YNtmjKloKBBQARurS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f537366c6793b6a36a8d4f4e33a332c_JaffaCakes118

Files

2f537366c6793b6a36a8d4f4e33a332c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee9ca16531db65b23906cd8e7c84259b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetCurrentProcess
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetQueuedCompletionStatus
GetSystemDirectoryA
GetTempPathA
LoadResource
LockFileEx
LockResource
MoveFileExA
FindResourceA
Process32First
Process32Next
RtlZeroMemory
SizeofResource
Sleep
TerminateProcess
VirtualAllocEx
WriteFile
WriteProcessMemory
lstrcatA
lstrcmpiA
lstrcpyA
ExitProcess
DeleteFileA
CreateToolhelp32Snapshot
CreateRemoteThread
CreateFileA
CopyFileA
OpenProcess
CloseHandle

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegRestoreKeyA

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 781B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ