f7bdd92709ab8bfc40ffc2788bf9b159_JaffaCakes118 | Triage

Sharing

General

Target

f7bdd92709ab8bfc40ffc2788bf9b159_JaffaCakes118
Size

517KB
MD5

f7bdd92709ab8bfc40ffc2788bf9b159
SHA1

0d3f93b8b45e4ee86783cf4da59bad8ba63f2749
SHA256

e25615d4ea4c13728d4aee701b684cb428cd1c11673f2fec0ad4025e1991dca4
SHA512

3cc71f39525b227a376f4c5b274d0502cfb9f1f2731ceca66b14fad437903e472f17f8db81c08842fbfd97601b734455e5e4a2cb2d7a8b38f582c4b9ed2cbfbf
SSDEEP

12288:WJX3w7YmN7SzZPKyVqmYbhdVyoBSx63LcRqFD2WRHZHVMBjHB66cbWSKohO:WJX3LmN7wdKyV+hHRSxw2QpVihdc6S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7bdd92709ab8bfc40ffc2788bf9b159_JaffaCakes118

Files

f7bdd92709ab8bfc40ffc2788bf9b159_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b1552a65688040e66035ba049a8dd25a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

user32

GetDC

shell32

ShellExecuteA

gdi32

BitBlt

advapi32

RegCloseKey

comdlg32

GetOpenFileNameA

Exports

Exports

AddMsg
CloseFileMapping
CloseFileMapping_readonly
GetPatcherWindowHandle
GetPluginDataMemory
GetRegDword
GetRegString
LoadFileMapping
Reg_Delete_Value
SearchAndReplace
SetRegDword
SetRegString
write_disk_file

Sections

.MPRESS1
Size: 475KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE