f44d6e1a10adacc454ae63356b94ced7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f44d6e1a10adacc454ae63356b94ced7_JaffaCakes118
Size

95KB
MD5

f44d6e1a10adacc454ae63356b94ced7
SHA1

fa23c0b579a98fc10d82776053d1608dd6042a86
SHA256

ec37f67fbf0b97618fef043f07728c4a3475db85ead807f18562231bbcd21137
SHA512

555ccf41b7ba69a49f23bb3ae3c60255688e4076a4bbc2db375a3618cca8eb8e019358c5d3554a65f122795605b8eba9097a3edf2259dfa6cc768cfd037f57cc
SSDEEP

1536:zLl1Fn/B30x999999b6m99999DM999tbUofoIKPBl0fprlJPlzye3+a6JDn5CCTW:nlfnjTKPf8vJPlzn3+LZn5CI3WH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f44d6e1a10adacc454ae63356b94ced7_JaffaCakes118

Files

f44d6e1a10adacc454ae63356b94ced7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e9cc3864cc8e7f1855312acddf281fcc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\Programmieren\Codesoft Releases\_NEW BETATEST\Trojka_Crypter_2.0\Sp4wnY Version\release\stub.pdb

Imports

kernel32

Process32First
lstrcpyA
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
lstrlenA
GetProcAddress
LoadLibraryA
Process32Next
lstrcatA
LocalAlloc
LocalFree
CreateProcessA
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
Module32First
Module32Next
lstrcmpA
GetFileSize
ExitProcess
UnhandledExceptionFilter
TerminateProcess
RtlUnwind

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyExA
GetUserNameA
RegQueryValueExA

shlwapi

PathFindFileNameA

Sections

.f0Gx
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ