2ab7045dda76b70e78d414e1664e6f60_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ab7045dda76b70e78d414e1664e6f60_JaffaCakes118
Size

140KB
MD5

2ab7045dda76b70e78d414e1664e6f60
SHA1

a3ad49053f7b8b263df7db1782021315e9be9c8f
SHA256

472c054304f59e1bebdff9e4cfac298ae3fc898669e4608567d2f1e026866904
SHA512

6d6f282afcb7cc1a1a7aaebffd2670aa6637ff3eff091e171c7a8b2ceae611b1c2f873db173578104b15242c2a652d1b17f9c8ecfb81ddc1b901934a4634af6c
SSDEEP

3072:jJ5fpcPjw5xzrvVMQBW9/Fom5aVXrcKC/o6wH73FEc/YN:H6Pj0vVM9XfaV7Rr3YN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ab7045dda76b70e78d414e1664e6f60_JaffaCakes118

Files

2ab7045dda76b70e78d414e1664e6f60_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0c4c7c22645b7004d2282663e933f6d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetLastError
GetSystemTime
ExitProcess
GetEnvironmentStrings
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
Sleep
GetModuleFileNameA
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
IsProcessorFeaturePresent
GetSystemInfo
FreeLibrary
lstrlenW
DeviceIoControl
FreeEnvironmentStringsW
FreeEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
InitializeCriticalSection
GetCurrentProcess
IsBadCodePtr
lstrcmpA
GetConsoleWindow
OpenSemaphoreW
LoadLibraryA
GetLastError
LocalAlloc
GetProcAddress
InterlockedExchange
RaiseException

shlwapi

PathCombineW

Exports

Exports

EuropeAppliesCustomerAnd
FromH
LimitationLimited
SandyfordON
ServingIf
YouBlockMiddle
YourYou

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ