2fe69516d86d126378bcaaaa273f55fc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fe69516d86d126378bcaaaa273f55fc_JaffaCakes118
Size

16KB
MD5

2fe69516d86d126378bcaaaa273f55fc
SHA1

636b1237ccf1b3d33bc0a7ba95e774c4da1bc5c7
SHA256

8cd57ea27f22a7277524ccae55d6652cfa3ea2cba7a1369b02134441d5d8171c
SHA512

2548e2c8c0741aa5fcb2e82424f832b848b4c1894c9e5d618c702c4cbf7aaf65631898c2bb122bcf34f08ece54615a5e30ef0f91799f00d3adf69d00b8c5ace6
SSDEEP

192:KRXrvuFWXMh5NMTDNuXVCDrnnLbxvoR/romQp3177T5F/EC7SI0qOvvv+Keh0/0:kP87NoUEHnP9WQr7/0Iy3+pys

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fe69516d86d126378bcaaaa273f55fc_JaffaCakes118

Files

2fe69516d86d126378bcaaaa273f55fc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17e1240dca697ef23b78b63f5c01523d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
GetWindowsDirectoryA
CreateFileA
GetProcessHeap
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

advapi32

RegOpenKeyExA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ