2999b37c162a68e079b766f815318d12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2999b37c162a68e079b766f815318d12_JaffaCakes118
Size

241KB
MD5

2999b37c162a68e079b766f815318d12
SHA1

8b2c8800b8aeee9d9a1cae94f1cb1fbabfcaafeb
SHA256

f340bd654b3042a40caea414e95f41d9b3e1a949cc00606b5f152389dbaffa99
SHA512

a476ceef7d6e6ba349c4578679442b206cd6f3b21f391d5c9c0ba1f1968365438288dd9d6e73a6855590a5ca989927d35fbaa8fa6f628fc48e72aa754b81ac77
SSDEEP

3072:EuS30VDyvMjsrAyWsq41sOmm4JB/QqxFUrjbDFVNPAH+rOfSmUr39VqTBRwxEzwI:vdPwXCL/dxFUfbpVN/OfzOVKQEXk2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2999b37c162a68e079b766f815318d12_JaffaCakes118

Files

2999b37c162a68e079b766f815318d12_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c23c507b653bd43953367cb7bade7709

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
GetCurrentThreadId
LoadLibraryA
GetProcessHeap
GetSystemDefaultLangID
GetFileSize
SetLastError
FreeLibrary
GetModuleHandleA
GetSystemTimeAsFileTime
GetLastError
CloseHandle
ExitProcess
ExitProcess
GetWindowsDirectoryA
QueryPerformanceCounter
GetSystemDirectoryA
GetCurrentProcessId
GetVersionExA
CompareStringA
WaitForSingleObject
GetStartupInfoW
GetModuleFileNameA
InitializeCriticalSection
GetTickCount
InterlockedExchange

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

user32

ReleaseDC
DrawIcon
SetRect
GetLastActivePopup
GetDC
SetForegroundWindow
GetSystemMetrics
CopyRect
GetWindowRect
EnumWindowStationsA
GetClientRect
IsIconic
ShowWindow
TranslateMessage

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.strings
Size: 5KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ