Static task
static1
Behavioral task
behavioral1
Sample
2f675431ca6b5951749e50e95d9c093c_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
2f675431ca6b5951749e50e95d9c093c_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target
2f675431ca6b5951749e50e95d9c093c_JaffaCakes118
Size
356KB
MD5
2f675431ca6b5951749e50e95d9c093c
SHA1
bb489be646a3e07c53ee00070be6f109307d56bd
SHA256
64e7adff90aa1d0c7f5099b3ee0639d9a9b5fcde2ce14c30befec939476e02df
SHA512
01ceb41212aede686ecebeb12a66540c425cc5555f29e1cfdc3070acfae88c5c880beb820fc36e744f9c602831bb865dff7ef243610d3175a148028518a7b8e2
SSDEEP
6144:1NEDrA9eYQbkZZQwwj29wk1coyvxzkAOfXnzWg14tXczZQSwYBX:1NmAIrI8wBCoyZzXOfem/d
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2f675431ca6b5951749e50e95d9c093c_JaffaCakes118
Files
2f675431ca6b5951749e50e95d9c093c_JaffaCakes118.exe windows:4 windows x86 arch:x86
757fa5c9137fdd779ffab77b6fa4a322
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetLastError
TerminateThread
ExitProcess
GetSystemTime
PulseEvent
VirtualProtect
VirtualLock
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
IsBadCodePtr
FlushFileBuffers
user32
IsZoomed
GetParent
GetWindow
LoadIconA
GetClientRect
SetTimer
advapi32
CopySid
AddAce
ole32
CoUninitialize
psapi
GetWsChanges
avifil32
EditStreamSetNameA
msvfw32
DrawDibClose
ICCompressorFree
Sections
.text Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 926B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 248KB - Virtual size: 766KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ