2cf38a6211919f18c11b22318b31b5bc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2cf38a6211919f18c11b22318b31b5bc_JaffaCakes118
Size

100KB
MD5

2cf38a6211919f18c11b22318b31b5bc
SHA1

796dded58d57675ce6109b97d25c2028abec917d
SHA256

d2d1d73dab515b427ed37c3d983876815c10611566923551b54d603ebbf87fa1
SHA512

de797b633f5635ec11895dbacfaa105e2fe87c47c53104875c964c1849aeeacac6efbce6548c657059cdea20f1a38eeaccef0351fac6a0537d0db89e8c579aae
SSDEEP

3072:iWSXCAhtxaMHS7zLwqSfXKBeA9Z3Lh0sv:CXCoasczLwqSPKBN1msv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cf38a6211919f18c11b22318b31b5bc_JaffaCakes118

Files

2cf38a6211919f18c11b22318b31b5bc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ccfa930139202fd7322a9bf359158a86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetDriveTypeW
GetEnvironmentVariableA
HeapCreate
CloseHandle
VirtualQuery
CloseHandle
EnumResourceTypesA
TlsGetValue
GetCommandLineA
CreateEventW
HeapDestroy
SetLastError
GetFileAttributesA
GetConsoleTitleA
GlobalFlags
GetModuleHandleA
GetTimeFormatW
GetCommandLineA
lstrlenA

advapi32

CreateProcessAsUserA
IsValidSid
IsValidSid
IsValidAcl
RegEnumKeyA
RegCreateKeyExW
RegDeleteValueA
RegQueryValueW
InitializeSid
IsValidSid
IsValidSid
IsValidSid
IsValidSecurityDescriptor

asycfilt

FilterCreateInstance
FilterCreateInstance
FilterCreateInstance
FilterCreateInstance

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE