2f9608eb845baf71631199540514a927_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2f9608eb845baf71631199540514a927_JaffaCakes118
Size

286KB
MD5

2f9608eb845baf71631199540514a927
SHA1

368994005c1e6f553f37a833eb549a38e92a3f19
SHA256

bb1b780dbc996239663380054a4fa16397fb230a6acde98ec5895ac24b6732e5
SHA512

35b0ed5184474d4122dca031f6a43ca027ede83b953dc8beb623b89f25e48ad2d189f057415836a8af3f610fc97492a4ddb1fd39ed2043dd9be010e1595a3596
SSDEEP

6144:UNjvvJ428Ep1x9ORabeNbwsLTg6NS5zqgpsO2OT81Zuysvy:UR3J4/Ep1nzwLTg2SH2OkZuDq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f9608eb845baf71631199540514a927_JaffaCakes118

Files

2f9608eb845baf71631199540514a927_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56a933c6bfef248626e765c78eba5374

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetAtomNameA
GlobalUnlock
lstrlenA
LoadLibraryA
CloseHandle
GetTickCount
TlsGetValue
GetProfileIntA
HeapReAlloc
GetACP
HeapWalk
TlsFree
InterlockedExchange
GetStdHandle
CompareFileTime
FindAtomA
GetVersion
GetConsoleCP
WaitForSingleObject
GetModuleHandleA

user32

InflateRect
EqualRect
GetScrollRange
DispatchMessageA
SetWindowPos
SubtractRect
MessageBoxA
PaintDesktop
LoadIconA
PostMessageA
PostQuitMessage
GetWindowTextA
TranslateMessage
GetDlgItem
InsertMenuA
CreateCaret
GetMenuStringA
GetMenu
GetKeyboardLayout
EnableScrollBar
UpdateWindow
DestroyMenu
ShowWindow
SetPropA
ModifyMenuA
CopyRect
DialogBoxParamA

msi

MsiDoActionA
MsiCloseHandle
MsiEnumProductsA
MsiGetMode
MsiEnumClientsA

clbcatq

CoRegCleanup

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 640KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ