Static task: static1
Behavioral task: behavioral1
  Sample: 2a70a7c1df7e09f827b3594d18657545_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 2a70a7c1df7e09f827b3594d18657545_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 2a70a7c1df7e09f827b3594d18657545_JaffaCakes118
Size: 177KB
MD5: 2a70a7c1df7e09f827b3594d18657545
SHA1: 11f458aae4aebaecdd00194db0fb871dd5441cdc
SHA256: 0e396c793cf2095374991333e4c742c2416cad7810fc456ea85b4d07a5158764
SHA512: 51f2d27c8d264cee27bbc0fa6c8db156092fd14fd8f34b2f3417d069d9fcbc66c79ca2c5441e130f24238f9fccfa514cd9c093857b615ca9fe272ffc75723ca7
SSDEEP: 3072:pZI5oqyzYRwCYYPwdjQCtdKIDXbBZFjJpvuvR1SyNh9BObn/gaqaw:pZI5FyzYCCYJjQgxrTVTvAEa9i/i
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2a70a7c1df7e09f827b3594d18657545_JaffaCakes118
Files
2a70a7c1df7e09f827b3594d18657545_JaffaCakes118.exe windows:4 windows x86 arch:x86
2bc092e2647385617b8e1560be69890b
Headers
File Characteristics
  IMAGE_FILE_RELOCS_STRIPPED
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
  fprintf
  _onexit
  memset
  qsort
  _amsg_exit
  _unlock
  _adjust_fdiv
kernel32
  IsDBCSLeadByte
  GetPrivateProfileStringA
  HeapReAlloc
  ExitProcess
  VirtualProtect
  GetVersionExA
  GetCurrentThreadId
  SetLastError
  GlobalLock
  GetCommandLineA
  SleepEx
  InitializeCriticalSectionAndSpinCount
  GetCurrentProcessId
  CreateDirectoryW
gdi32
  SelectPalette
user32
  LoadStringW
  ReleaseCapture
  GetCapture
  CharNextA
  EnableWindow
  IsChild
  EnumWindows
advapi32
  RegCreateKeyExA
ole32
  StringFromCLSID
Sections
.text Size: 153KB - Virtual size: 152KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 1006B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 57KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ