2e1b11d9627e59026e04ec3020c69cc9_JaffaCakes118 | Triage

Sharing

General

Target

2e1b11d9627e59026e04ec3020c69cc9_JaffaCakes118
Size

312KB
MD5

2e1b11d9627e59026e04ec3020c69cc9
SHA1

4bcf61f98cea3efef09a104bbb39d1e3e2536a78
SHA256

a8263be4f37f2612698aa1b23b371ef045a7da0241a9ccc1d2bde40c22509be0
SHA512

658f64fe11e4067a70dcaac822594f9fc4654b3637ba4f8178a803fa42d625c401fabc68758d95803096c11d165674508fa00961ded1379d0b7297c1955a30d6
SSDEEP

6144:sB4U8SZ6FFZGjaCLoOAG99sAEa4LZtz5ft13ZC11b2+Lh+679+y7Ul/WtBB+Wxa:tjCmFLCLXiAMN5l1k11b225l7Uy+U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e1b11d9627e59026e04ec3020c69cc9_JaffaCakes118

Files

2e1b11d9627e59026e04ec3020c69cc9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ea1ea42c20d64d28de1e7d341421e1c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
GetSystemDirectoryA
GetLogicalDrives
GetLocaleInfoA
GetCommandLineA
GetACP
EnterCriticalSection
VirtualProtect
CloseHandle
HeapCreate
FindFirstFileA
GetLastError
SetErrorMode
GlobalFree
LoadLibraryExA
RaiseException
Sleep
ReleaseMutex
SetEvent
ResetEvent
GetStdHandle

user32

GetClassNameA
IsIconic
GetWindow
ReleaseDC
GetWindowTextA
GetActiveWindow
FlashWindowEx
BeginPaint
GetParent
DrawTextA
ValidateRect
FrameRect
GetCursorPos
FillRect
GetFocus
ShowWindow
wsprintfA
SetForegroundWindow
EndPaint

httpapi

HttpInitialize
HttpTerminate
HttpCreateHttpHandle
HttpAddUrl
HttpAddFragmentToCache

winhttp

WinHttpOpen

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ