2c4dad8c0ac258c585c433a579c7de5b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2c4dad8c0ac258c585c433a579c7de5b_JaffaCakes118
Size

230KB
MD5

2c4dad8c0ac258c585c433a579c7de5b
SHA1

2435b8f026e2c7f3c1feaa3b23bbdc349ad8412a
SHA256

a3c750029c411efe2ca6fce27951dd076c9bcf6cad91e02de8d73f5412d730be
SHA512

8602a4f4c5cb7daf33d4d4bab0222a903ae23911fffc6d53aff2dfdd0b2eb20eb77ffd75fdbc8bffb7ed230154f037d23b5a212f90880fe743f57cfb062a030f
SSDEEP

3072:rXG6kCfwgJDPvJHOykNoehGs3kXO0O/GyOW+0C1:dphzJHOxNVT3k+0qGLfV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c4dad8c0ac258c585c433a579c7de5b_JaffaCakes118

Files

2c4dad8c0ac258c585c433a579c7de5b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7de4498f54a02f0fffa20f91036c07a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextA
GetDesktopWindow
GetSystemMetrics
GetDC

kernel32

GetModuleHandleA
GetCurrentProcess
lstrcmpiA
SetLastError
GetVersion
Sleep
MulDiv
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
GetConsoleOutputCP
GetWindowsDirectoryA
GetStartupInfoA
lstrlenA
SetCurrentDirectoryA
lstrlenW
GetProcessHeap
DeleteFileW
lstrcmpiW
GetCommandLineW
GetCurrentThread
DeleteFileA
GetACP
RemoveDirectoryA
GetDriveTypeA
GlobalFindAtomA
GetModuleHandleW
lstrcmpA
GetOEMCP
QueryPerformanceCounter
GetThreadLocale
GlobalFindAtomW
LoadLibraryW
IsDebuggerPresent
GetLastError
GetCommandLineA
GetUserDefaultLangID
CopyFileA
VirtualAlloc

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

bdnsuga
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE