fb504f2470714e625dd92994378ff2c3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb504f2470714e625dd92994378ff2c3_JaffaCakes118
Size

140KB
MD5

fb504f2470714e625dd92994378ff2c3
SHA1

06b4a7edf47cac90153eb6a82dae0463bc890c12
SHA256

877686b6a1bb119cdf72f8ef7b1eb5ef5d759a92bd423e313c2176d3af8f61b2
SHA512

b9496c37da6db93820262f30fd7bb07febb130641c8f0bde508e01c99b7f19d6cdc68d0caed0fdff7c5a3002efcb9cd2a1d46c961aafa36bdfa139508e0f1963
SSDEEP

3072:EwMZfH57X91GBo0brekfzZRNQczjxP8rqJ+pXMx1Sw8xWj2zBsSh7IsTUW:up5vQbieRrzjSWJnxsbxWo17vT9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb504f2470714e625dd92994378ff2c3_JaffaCakes118

Files

fb504f2470714e625dd92994378ff2c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b3f7d0d50fe98cab5f76634815300097

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
GetCurrentProcess
LoadLibraryA
LCMapStringA
CreateFileA
CloseHandle
ExitProcess

user32

SetWindowLongA
CharLowerBuffA
wsprintfA
CreateWindowExA
CloseWindow

advapi32

RegSetValueA
RegCloseKey
RegOpenKeyA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegQueryValueA
RegCreateKeyA

Sections

.text
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ