2e81f80d7848303578213c2591e5e5fd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e81f80d7848303578213c2591e5e5fd_JaffaCakes118
Size

113KB
MD5

2e81f80d7848303578213c2591e5e5fd
SHA1

8cd03cbc02146d2c5c36911a6651fd1e64ea26c7
SHA256

dd4bb89e04f40ed72d972dcb6c234a901774bc9eb14d37d7d4ede8c416960598
SHA512

eba40f2c2ea0268ca62e5d2ae4fe3c354516cfd2879f332e075f17318e041f44897cb93b7a981e816b76e627a9db962f3560c8685743c54bdf83e9530e08fd7e
SSDEEP

3072:GyZYgpL35W5lz62OIyt1YfJgCWaPWrwlM93zhBRrxU:HegpLmzv21AgCWZFz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e81f80d7848303578213c2591e5e5fd_JaffaCakes118

Files

2e81f80d7848303578213c2591e5e5fd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ebfbcfc98908af250d0987bd263b1e42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPriorityClass
GetCurrentProcessId
GetCommandLineW
GetVersionExA
GetStdHandle
GetEnvironmentStringsW
GetCommandLineA
GetCurrentThread
GetModuleHandleA
VirtualAlloc
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
GetEnvironmentStrings

user32

SetWindowTextA
LoadCursorFromFileA
LoadIconA
LoadCursorA

crypt32

CryptMsgUpdate

setupapi

SetupGetLineCountW

msvcrt

_initterm
_onexit
__dllonexit
_controlfp
__set_app_type
_except_handler3
strlen
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
__p__fmode
__setusermatherr
_adjust_fdiv
__p__commode

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ