2f91f95ab653136976d1230608d81095_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f91f95ab653136976d1230608d81095_JaffaCakes118
Size

31KB
MD5

2f91f95ab653136976d1230608d81095
SHA1

0979c214f7b23d4be436a9008e8dea27d5a79123
SHA256

e60a481aa51856d6b93b9062120e58c01b3dd3b3959b51c0b0c8bf522e0bf3e0
SHA512

eb2688c8d2debc0d68fc1860d06e04362a2e277d6ed9821a0fe9c05c63be6e412e65ff460cdc211be572a4c876a27586ce821b448a8a1171d24fb6aa2d9e86e3
SSDEEP

384:Egy6Jd3dePw1oyND1P7GTFFVy1Dpes4QFQxyleb78oyK5:EgbJneI1oy5A30Dp1FQxbb78oyE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f91f95ab653136976d1230608d81095_JaffaCakes118

Files

2f91f95ab653136976d1230608d81095_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d184221910ec9bc5db066176b1c3d006

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
SizeofResource
GetTempPathA
LoadResource
FreeResource
SetUnhandledExceptionFilter
OpenSemaphoreA
GetStringTypeW
GetStringTypeA
FreeLibrary
SetFilePointer
CloseHandle
GetModuleFileNameA
WritePrivateProfileStringA
GetCurrentProcess
WriteProcessMemory
Sleep
GetLocalTime
GetTickCount
GetProcessHeap
HeapAlloc
GetModuleHandleA
GetProcAddress
LoadLibraryA
LCMapStringW
LCMapStringA
lstrlenA
ExitProcess
GetStartupInfoA
GetCommandLineA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar

user32

wsprintfA
CharLowerBuffA

advapi32

RegOpenKeyA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ