2f99c62c9ee55f3b79c50a0069431c2f_JaffaCakes118 | Triage

Sharing

General

Target

2f99c62c9ee55f3b79c50a0069431c2f_JaffaCakes118
Size

133KB
MD5

2f99c62c9ee55f3b79c50a0069431c2f
SHA1

60cce50ed54740277d833818ec8b1f7008606c7d
SHA256

cd1212f9adf6232cf98778e28a53fb7a28798dc800fe6ca13b9ca5e5bcc6251d
SHA512

046f50e908f442d3c93892f8c0bc67778b49e10c55f26ae7b1ce6c55149b2b8db4b27f789e15808cc1d5ca49c588bd0a6da447fae4e478032636a700bf155df7
SSDEEP

1536:4Xm5qoMmacLhVLt5XDs3qf5KZ6P3r2g/64zOIKEEBG22+U0:35qoMmDhVXs3qf5BSiNj8GJX0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f99c62c9ee55f3b79c50a0069431c2f_JaffaCakes118

Files

2f99c62c9ee55f3b79c50a0069431c2f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

818557ff568d29340cc18246bf439d4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtQueryEaFile
PfxRemovePrefix
NtAllocateVirtualMemory
NtLockProductActivationKeys
RtlCopySecurityDescriptor
RtlUshortByteSwap
RtlQueueWorkItem
ZwQueryPortInformationProcess

kernel32

FreeLibrary
FileTimeToLocalFileTime
CreateFiber
MoveFileW
TlsAlloc
GetCurrentThread
GetComputerNameA
GetModuleHandleA
GetVersionExW
ExitThread
GetVersionExA
GetAtomNameA
WaitForSingleObject
CreateDirectoryA
GetCommandLineW
lstrlen
GetFileAttributesW

user32

SetWindowPos
CreatePopupMenu
GetSubMenu
GetWindowTextLengthW
wvsprintfW
SetScrollInfo
LoadIconW
CreateDialogParamA

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1021B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ