2e1001299ed280a172ef383b0bc261f6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2e1001299ed280a172ef383b0bc261f6_JaffaCakes118
Size

385KB
MD5

2e1001299ed280a172ef383b0bc261f6
SHA1

802dbaab8803510f9f8a0583516bb7af417f0655
SHA256

dbf33c6e483449e7ae54451c5045cee783094425a6a1c02d4b20153ef22344fc
SHA512

59016d2eb8df5b712db504cf0d635ed33b420f7f9b1e72ce3911d51208a5dd581e0ed7be5a83e928c5d11be293a694f17afb793572e1ea0ff0255bd7863eacf5
SSDEEP

6144:glqxmjPqipSnVKkYFmUzS9n4rPY7AC42KibWKUqi+oAVLXHKVZ/1gdxEx5:vgXSVKkY4UmR4rPx9kWKUZ+BXyZ/1p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e1001299ed280a172ef383b0bc261f6_JaffaCakes118

Files

2e1001299ed280a172ef383b0bc261f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b697da7a5a30acb098756cde74938b9e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDriveTypeW
CreateEventA
InterlockedExchange
ResetEvent
lstrlenA
CreateMutexA
GetCommandLineA
VirtualAlloc
GetModuleHandleW
GetExitCodeProcess
CloseHandle
GetEnvironmentVariableA
GlobalFree
ResumeThread
GlobalSize
GetACP
LocalFree
GetPrivateProfileIntW
WriteFile
FindVolumeClose

user32

GetKeyboardType
IsWindow
CreateWindowExA
GetClientRect
GetCursorInfo
GetSysColor
GetSysColor
SetFocus
DrawStateW
EndDialog
CallWindowProcW
DispatchMessageA
GetClassInfoA

avicap32

videoThunk32
videoThunk32
videoThunk32
AppCleanup
videoThunk32

sysdm.cpl

NoExecuteAddFileOptOutList

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ