158ea0da7db8b8192aadcbff5d136935_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

158ea0da7db8b8192aadcbff5d136935_JaffaCakes118
Size

206KB
MD5

158ea0da7db8b8192aadcbff5d136935
SHA1

b4cc32aac1a7ac2aaf001de1de2d97f285e170a3
SHA256

6ed279681a3826292d62be6ff24c34d9c112f371069f719b2301667d84ce70a3
SHA512

6f0df2ab586b1e388a9aaeb562f7093eb8f953b049389fe897d6313c58ab37142024455e3d5b15ae2c52bc9c8dd0ffc58c0bb61af03d3bc908e435dfd4b3601f
SSDEEP

6144:MWKuqxIfXneeOGgslXpaA3vtZacmsRTiNpi:hqxI/OGgsN1ZacmATiNY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/key corelx5/keygen.exe

Files

158ea0da7db8b8192aadcbff5d136935_JaffaCakes118
.rar
key corelx5/keygen.exe
.exe windows:4 windows x86 arch:x86

29db3ad3a02b4808b1332e0e02883a01

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

TextOutA

msimg32

AlphaBlend

Sections

CODE
Size: 200KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE