2abc5d19e3742be619808352c4b13b20_JaffaCakes118 | Triage

Sharing

General

Target

2abc5d19e3742be619808352c4b13b20_JaffaCakes118
Size

636KB
MD5

2abc5d19e3742be619808352c4b13b20
SHA1

beaf2cef225c852e8e8f94a83488a9d37049a1ab
SHA256

e8f52d548f49fa59c5a4146d816ee6fbb6781e692404f3be1eb40d5c2aa68c23
SHA512

35bc8c365a600b0c8a01acf1a49a6753c813a135167a7756943b0ff998814e544ae16d4930b7871c1989ff3a6d92ab88113eb326765827608c276363e0d80d17
SSDEEP

12288:b+roMKjjU+4/9ZE80kOt2OYDImcutIH0GDyArDcKvn4rZerbj2KNN0vvHJIi:brMf+e9ZeVt2O5EktB4r2jTYKi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2abc5d19e3742be619808352c4b13b20_JaffaCakes118

Files

2abc5d19e3742be619808352c4b13b20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bd4bc11a8ace21a93a506dedb0d15b93

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
SuspendThread
GetModuleHandleA
GetConsoleCP
CloseHandle
HeapCreate
VirtualProtect
GlobalUnlock
GetAtomNameA
CompareFileTime
GetSystemDefaultLangID
GetConsoleDisplayMode
GetVersion
LocalSize
LoadLibraryExA
GetCommandLineA
GetTickCount
lstrlenA
InterlockedExchange
WaitForMultipleObjects
HeapReAlloc

gdi32

GetStringBitmapA
AbortPath
FloodFill
CreateICA
EngLineTo
GetTextColor
DeleteObject
DeleteDC
Ellipse
GetFontData
CreateFontA
Escape
CreatePalette
GetMetaRgn
BeginPath
EndPath
GetRgnBox
GetMetaFileA
EqualRgn

httpapi

HttpRemoveUrl
HttpAddUrl
HttpInitialize
HttpGetCounters
HttpTerminate

clbcatq

GetDllType

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ