2a06a6cf8372f5fa89b4faa786d08937_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2a06a6cf8372f5fa89b4faa786d08937_JaffaCakes118
Size

18KB
MD5

2a06a6cf8372f5fa89b4faa786d08937
SHA1

a68182c51a38733d73ac835375ab0000684ce65e
SHA256

bb7c74da4bf63c903679fbf555710b9d028bf4b495faf4dee804342fcdd517cd
SHA512

5b848d408716b3eba17dba716b95215d80f23894383212b1aabbad63515869351c6a526e1c243d9b8eea9fd2c94afa54d28943307c33b0cd81197cef3bcb05d0
SSDEEP

384:HZ+C5X/KFzauSO/CXWTbLQkG1EsRd1j4A:HZ+oC5NpG1Hf0A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a06a6cf8372f5fa89b4faa786d08937_JaffaCakes118

Files

2a06a6cf8372f5fa89b4faa786d08937_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3e52e40e0663d8b1f981fd2f3d6acfe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateIoCompletionPort
InterlockedExchange
LoadLibraryExA
GetModuleHandleA
GetStdHandle
GetLogicalDrives
VirtualProtect
GetEnvironmentStringsA
GetCurrentProcessId
WaitForSingleObject
GetTimeFormatA
HeapCreate
HeapDestroy
GlobalMemoryStatus
GetACP
HeapQueryInformation
GetProcessHeap
IsDebuggerPresent
GetProcessVersion
GetCurrentThread
GetTapeStatus

user32

GetCursorPos
GetWindow
GetDlgItem
BeginPaint
GetTitleBarInfo
DragDetect
GetClassNameA
SetForegroundWindow
GetParent
wsprintfA
ReleaseDC
GetFocus
GetWindowTextLengthA
FillRect
SetActiveWindow
EndPaint
FrameRect
DrawTextA
ShowWindow

gdi32

CreatePalette
CreateBitmap
CloseFigure
GetClipBox
GetLayout

setupapi

SetupCloseLog

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ