Static task: static1
Behavioral task: behavioral1
  Sample: 2f8bdf2658373f708e1365a10178fdc3_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 2f8bdf2658373f708e1365a10178fdc3_JaffaCakes118.exe
  Resource: win10v2004-20240704-en
General
Target: 2f8bdf2658373f708e1365a10178fdc3_JaffaCakes118
Size: 39KB
MD5: 2f8bdf2658373f708e1365a10178fdc3
SHA1: a97c047edb4390f7ed7e691dc6c82e4225df0c98
SHA256: 4b1e5a62968309b7d59a4ca5578e53cc4105e3006d4d892c26b556a0e8a19116
SHA512: cee99e79d99d4030551fe147b4f2f0c8a5fcb6964a9da2846f64f0c2fd85fb5e09e2d4cb845f7c09bffa14cfc3d87238fbd74bc003cdd7837f340d89945ba60a
SSDEEP: 768:Znf6XK+db69ewgvdEAY26Ky+wLZwvB5wjMfP+iy1OGCnewFC7l6Q02S2ekYnBbt7:Znf6XKk29ewgvd9Y26Ky7LZwvBN+imqv
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2f8bdf2658373f708e1365a10178fdc3_JaffaCakes118
Files
2f8bdf2658373f708e1365a10178fdc3_JaffaCakes118.exe windows:4 windows x86 arch:x86
0b14dcda3675e6e7398186c4046c68b0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetFileAttributesExA
CloseHandle
ReadFile
SetFilePointer
Sleep
CreateFileA
ExitProcess
GetModuleFileNameA
HeapAlloc
GetProcessHeap
VirtualAlloc
VirtualProtect
VirtualFree
GetProcAddress
LoadLibraryA
IsBadReadPtr
lstrcmpiA
HeapFree
FreeLibrary
GetStartupInfoA
GetModuleHandleA
msvcrt
malloc
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
free
realloc
_strdup
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 972B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 27KB - Virtual size: 61KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE