2bba56e232d74f602d8c32adcdd4346e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bba56e232d74f602d8c32adcdd4346e_JaffaCakes118
Size

280KB
MD5

2bba56e232d74f602d8c32adcdd4346e
SHA1

69f57bc0df585e582b342eddf5b06c859ee5b64d
SHA256

6d427c6189127ca81db4b86d7b946658a15b65bb869cd454248863e25bd54601
SHA512

e007e2e63732103db74065962d398172673bab188400de6560afcf62a52756a5e0634bc3199cb9ed0eff2d12939412985d629076735e666ce563c9b0ce385745
SSDEEP

6144:R5v+8p2tsMOsLz8rBdtv8DD6BOhpUt6cR+CaJXs9:R5vnphlseKDD4OhpUtzR+Cya

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bba56e232d74f602d8c32adcdd4346e_JaffaCakes118

Files

2bba56e232d74f602d8c32adcdd4346e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

262a92b4d122c9558423d0a9e08dc634

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memcpy
memcmp

kernel32

CreateFileA
CreateDirectoryA
CreateFileMappingA
Sleep
VirtualAlloc
VirtualFree
VirtualProtect
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
GetMailslotInfo
GetFileSize
GetConsoleMode
FreeLibrary
DeleteFileA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 722B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 870B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ