2fb36494bd956ce2b04c028d38c31c9a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fb36494bd956ce2b04c028d38c31c9a_JaffaCakes118
Size

83KB
MD5

2fb36494bd956ce2b04c028d38c31c9a
SHA1

3483f6d27c77c4a55ef6203e73b63b27a05c1f42
SHA256

5e7a058ab17eaf0687ae4d665daa17c2b48ba61c320269e1a2edaba530c2666c
SHA512

e277c6460c237b2aa8377c94ba0e20ab8fbe7eb3dc31f04382d7ab5ae2d53d5df6e2242469fbc89e52a363b5c9898edd759944079224b7ca0d47fe1b7152dec7
SSDEEP

1536:LlphM9sS4dy+yXiGSvUyPY5aYgqiU1F0Q4Z2uSvYMuJccZw21V98:VM9sxxyyvxg6MBDuSvZOri21V98

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fb36494bd956ce2b04c028d38c31c9a_JaffaCakes118

Files

2fb36494bd956ce2b04c028d38c31c9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a733a1b8a2ddf6a36416343efdf27b46

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

ole32

IsEqualGUID

urlmon

MkParseDisplayNameEx

shell32

SHGetSpecialFolderPathA

Sections

CODE
Size: 68KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE