87c2d37b168713d3c220d00ab6d5230a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87c2d37b168713d3c220d00ab6d5230a_JaffaCakes118
Size

129KB
MD5

87c2d37b168713d3c220d00ab6d5230a
SHA1

31248863c19ce2c61521499efc4331fba9ef4221
SHA256

b09ef8b36bcd35142d9305cf490fd4fffb78e0c7ce8146dcd24a0c903ff2ef2a
SHA512

de3875aaa87fe2b1abac66e2d50b6253664dff6729d83504e1daca456d95597fa0b8932b818bbbc2b5fc198fb8f2c814a0fa48960a34db488457c29c085caab7
SSDEEP

3072:cEqEp2ljEyitW8Mah2OGhFNlLYx5x9+2pc/5Z51Fa:cEqEpIjhQkjOYblLYx5x9K5Ha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87c2d37b168713d3c220d00ab6d5230a_JaffaCakes118

Files

87c2d37b168713d3c220d00ab6d5230a_JaffaCakes118
.exe windows:0 windows x86 arch:x86

2b713c2400a93ce32fc000feb8c282e0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtDisplayString
LdrFindCreateProcessManifest
CsrAllocateMessagePointer
ZwAllocateVirtualMemory
NtEnumerateBootEntries

kernel32

CreateEventA
DuplicateHandle
CompareStringW
GetDiskFreeSpaceA
GetEnvironmentVariableW
DisconnectNamedPipe
GetTempFileNameW
RemoveDirectoryA
GetCurrentDirectoryA
GetVolumeInformationA

user32

IsWindowEnabled
CharLowerA
OffsetRect
ShowWindow
AppendMenuA
wsprintfA
LoadCursorA
GetClassInfoExA
SendMessageA
DrawIcon
SetWindowPos
CharUpperW
GetMenuInfo
GetMessageW
GetMenuItemID
GetFocus

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 957B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ