2f69390f8c14b69576516ed8aae54599_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f69390f8c14b69576516ed8aae54599_JaffaCakes118
Size

126KB
MD5

2f69390f8c14b69576516ed8aae54599
SHA1

d8fc28a263888ed7871906694bd948bf01e31830
SHA256

695766185f567941424ba9bb059d1dc15b76b936678e2f9dd30b57371779a827
SHA512

9b756faa635e4b67b5bdd8e13f8c5373bb11ae875f271b42db5e97069d26f13eeaf40190151c3836759e35de7cc36dbd5d3c8389483091051ca7e7569c48152f
SSDEEP

3072:5ejlsAWv9bXFk8Qzmx9v0sa94DK6gYe974wgCNgXdPVqD:5eRRWv9Vk8Qzm/sBlKNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f69390f8c14b69576516ed8aae54599_JaffaCakes118

Files

2f69390f8c14b69576516ed8aae54599_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e425d776ce69b8b3addeb4585a95f50f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCurrentThreadId
HeapFree
IsBadHugeReadPtr
LoadResource
VirtualAlloc
LoadLibraryA
InitializeCriticalSection

shlwapi

SHStrDupA
PathFileExistsA
SHQueryInfoKeyA
PathIsDirectoryA

gdi32

GetCurrentPositionEx
GetDIBColorTable
GetBitmapBits
GetDCOrgEx

comdlg32

FindTextA

user32

LoadIconA
GetSysColor
GetMenu
GetSubMenu
CreatePopupMenu
IsWindow
GetSysColorBrush
GetScrollRange

Exports

Exports

_X2pUtE@8
_7jVhO
_hOmZX@20
_vLkiYMX@20

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ