2fb362f495dba264ca2c1d6149c2e2cc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fb362f495dba264ca2c1d6149c2e2cc_JaffaCakes118
Size

386KB
MD5

2fb362f495dba264ca2c1d6149c2e2cc
SHA1

3513470ea2497264118d0408aad9299ed7f7e3f3
SHA256

c50461bd3020b8f0f3435ef77f25911e2c955c81d625c20f81e7a6320a5aae59
SHA512

ec1e65b3225b25d690b3c023c0166e0f3d1b2ac7360162648bd77a338ddb23e34b7aac60d6e0b4ad148687e7120f51a4ec74fd4d05b62d1fd6a712f84eaac2bb
SSDEEP

12288:z9Z8yXg9VVkyLJ+k4DvuJg7JJOz8Xbuia:5ZXKQykk4rN7JJO+d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fb362f495dba264ca2c1d6149c2e2cc_JaffaCakes118

Files

2fb362f495dba264ca2c1d6149c2e2cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

57096226ecdfe0492e21996a530ee442

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
FindFirstFileA
SetEndOfFile
RtlUnwind
FindFirstFileW
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
TlsAlloc
HeapReAlloc
HeapAlloc
OpenFileMappingA
GetCalendarInfoW
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
ExitThread
FillConsoleOutputCharacterW
EnumDateFormatsW
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime

shell32

RealShellExecuteW
DoEnvironmentSubstA
ShellExecuteExW
ExtractAssociatedIconExA
ExtractAssociatedIconW
ShellExecuteA
ShellAboutW
SHEmptyRecycleBinW
ShellAboutA
ShellHookProc
SHQueryRecycleBinW
SHEmptyRecycleBinA
SheGetDirA
SHGetDesktopFolder
DragFinish
SheSetCurDrive

wininet

InternetOpenA
SetUrlCacheEntryInfoW
GopherFindFirstFileA
CreateUrlCacheGroup
SetUrlCacheConfigInfoA

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ