2fa5ef557e636fd67ad4be555b4827c5_JaffaCakes118

General

Target

2fa5ef557e636fd67ad4be555b4827c5_JaffaCakes118
Size

72KB
MD5

2fa5ef557e636fd67ad4be555b4827c5
SHA1

0d01476d7015e075008d62e609f5597d305992b9
SHA256

b4d4cf3aae086c7bb7e5242a5e831d02bb73cb0bac0ed8810d1f82c02ab93344
SHA512

69f2125d0502f25efb09836321636a9754ffdbff90ea1d15cda3fd3cd34627ae725ec4400cca9814de4c55afc9bf126b47b7f0415201b676bb205c23fe4abe8a
SSDEEP

768:Fpr1t7MnRLgNgtf2w80Q2oAhnBG+d28xWYYtqbuSITdLgFiPOhdpseoL4n:bLQRLW4oABzgttqCSydsF1loL4n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2fa5ef557e636fd67ad4be555b4827c5_JaffaCakes118

Files

2fa5ef557e636fd67ad4be555b4827c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0b2f119d95e8c55eba92478532bced84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
OpenProcess
TerminateProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetShortPathNameA
GetModuleFileNameA
FindClose
FindNextFileA
GetModuleHandleA
LoadLibraryA
FindFirstFileA
WaitForSingleObject
CreateProcessA
WinExec
SetStdHandle
ReadFile
GetOEMCP
GetACP
GetCPInfo
GetProcAddress
FreeLibrary
GetCurrentProcess
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
FlushFileBuffers
SetFilePointer
SetUnhandledExceptionFilter
MultiByteToWideChar
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
WideCharToMultiByte
LCMapStringA
LCMapStringW
HeapAlloc
HeapReAlloc
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr

user32

IsWindow
FindWindowA
SendMessageA
FindWindowExA

psapi

GetModuleFileNameExA
EnumProcessModules

shfolder

SHGetFolderPathA

shlwapi

PathFileExistsA

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0b2f119d95e8c55eba92478532bced84

Headers

File Characteristics

Imports

kernel32

user32

psapi

shfolder

shlwapi

Sections

.text Size: 48KB - Virtual size: 46KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 18KB

.text
Size: 48KB - Virtual size: 46KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 18KB