2ba489b4603cf60d69c1dcbe66e16402_JaffaCakes118 | Triage

Sharing

General

Target

2ba489b4603cf60d69c1dcbe66e16402_JaffaCakes118
Size

73KB
MD5

2ba489b4603cf60d69c1dcbe66e16402
SHA1

29efed75c69959eed8ae92f5920226da96065aa9
SHA256

662db986b1ff8e29e1e45511e9887da3b47b34b996b84d220198f20314092b06
SHA512

865f14de83bf2869150aef07ad501838a0ddf9a88e74c4f8fca5df4f08b4286cf409dd16c705caf49c1a92d66ac1df311392714019905fa2c633c2d623eb81d0
SSDEEP

1536:vUmB2v0zxhWE9TE94kr2PmHYS/tMfORSTlGgN/te:F7zFm4SiOAk2/te

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ba489b4603cf60d69c1dcbe66e16402_JaffaCakes118

Files

2ba489b4603cf60d69c1dcbe66e16402_JaffaCakes118
.exe windows:5 windows x86 arch:x86

39e25ababdf00ab0ecf65baff7e023c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
lstrcmpiA
IsBadReadPtr
GetProcAddress
VirtualProtect
LoadLibraryA
VirtualAlloc
CreateThread
GetModuleHandleA

user32

SendMessageA
KillTimer
DefWindowProcA
SetTimer
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA

Exports

Exports

fgdfgdfg
gtbfdb
start

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ