2b3e6286e240a041821c5aad824ddbd7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b3e6286e240a041821c5aad824ddbd7_JaffaCakes118
Size

130KB
MD5

2b3e6286e240a041821c5aad824ddbd7
SHA1

a96a296ad6c7a5151333dcb5c43d715646e7e34b
SHA256

cdb80957a79da5855c1a50fbb279ef4e88abd5ed3280335a506e3fc7c33f5af3
SHA512

df5b03d8dbf7e9bed6ac35101a8703b79c8362be8ddef6aa980c83f9829c486fd5ce9dfa84b764f06a9dba64cc06a4a87a0a11e3bc378bed91f956471bdfc453
SSDEEP

3072:Q6bvPXr3hgc9cVrhvc4kgZDu/8pjQQigZ4HhOz0:Qsv/rxgocV7kgZI8pj5QHoQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b3e6286e240a041821c5aad824ddbd7_JaffaCakes118

Files

2b3e6286e240a041821c5aad824ddbd7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

52feb061e354826b39b35c1ca984cd4e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
IsDebuggerPresent
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualProtect

user32

GetDesktopWindow
GetParent
GetSysColor
GetWindowTextA
InvalidateRect
LoadStringA
MapWindowPoints
SetFocus
UpdateWindow

gdi32

CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
Escape
GetObjectA
GetTextExtentPoint32A
GetTextExtentPointA
MoveToEx
SaveDC
SetDIBColorTable
SetViewportOrgEx
SetWindowOrgEx

shell32

DragQueryFile
SHChangeNotify
SHGetFileInfo
SHGetFileInfoA
SHGetPathFromIDListW
SHGetSpecialFolderPathW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ