2b39b09488408f63b59f75399778b372_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b39b09488408f63b59f75399778b372_JaffaCakes118
Size

63KB
MD5

2b39b09488408f63b59f75399778b372
SHA1

b43fd71c1bd17f8290eb3a310c0e1fcd03feadd7
SHA256

42e2026b0744a80a896e4f0f5268215f854c446a14f829a4f6be292e2e96f025
SHA512

a2bdfa88985f2bfb82c36bdbdea3cff24b8a5dde52c8bf76e407a7fdf07d1a5ed772a9530da0aa46db4ef3a803de62abe538c33507403a238eebc8483bb3a79a
SSDEEP

1536:bd8Ada+9kQiBog3C8ZIXlfuWCGvTlFkUJLGL9MOwZj:avqiOgS862mlflGLO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b39b09488408f63b59f75399778b372_JaffaCakes118

Files

2b39b09488408f63b59f75399778b372_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3e4cdc29b2636d4d50d65d57c7d5c971

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcmpiW
GetModuleFileNameA
GetLogicalDriveStringsW
lstrcmpiW
WaitForMultipleObjects
lstrlenA
lstrcmpiW
HeapCreate
GetDriveTypeW
GetStdHandle
GetProcessHeap
IsValidLocale
GetModuleHandleA
lstrcmpiW
DeleteFileA
SetLastError
Sleep
FileTimeToLocalFileTime
CreateMailslotW
GetVolumePathNameW
OpenMutexA
lstrcmpiW
CreateNamedPipeW

scecli

InitializeChangeNotify
SceOpenPolicy
SceSysPrep
DeltaNotify

Sections

.text
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ