99f463bd4e9eb351406a388d77ece9b7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99f463bd4e9eb351406a388d77ece9b7_JaffaCakes118
Size

186KB
MD5

99f463bd4e9eb351406a388d77ece9b7
SHA1

b1dc12322722fa3a3aa70742fe0aa2c6a06b3042
SHA256

4f8ae6fcbd75ab3792e6af7831fdd1a0bc434ce7a05e9d3bf9a1956e4772c2d1
SHA512

72409a1ca3ba70bfc7a8dedaa1341939542a0802109541c9baed920b24002f76ac621a8c1bc1ec56b993b485dd214ffa398902d4d1634179197d28a7d5b4bbec
SSDEEP

3072:yLqu2F/LGxO8qH+ryMJhksyJ80aTJZGWD4k8mg4rgj/moFPeIQ1ApjcqTG:yLqu2MxO84MhksyJ8DT+s4zmZbkFp5q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/All.Nidesoft.Products.July.2007.READNFO_KEYGEN-FFF/Keygen.exe

Files

99f463bd4e9eb351406a388d77ece9b7_JaffaCakes118
.zip
All.Nidesoft.Products.July.2007.READNFO_KEYGEN-FFF/FFF.NFO
All.Nidesoft.Products.July.2007.READNFO_KEYGEN-FFF/FILE_ID.DIZ
All.Nidesoft.Products.July.2007.READNFO_KEYGEN-FFF/Keygen.exe
.exe windows:4 windows x86 arch:x86

0325fffcedf4b01f9ef8a68d3cb5d884

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

TextOutA

winmm

waveOutGetPosition

Sections

CODE
Size: 174KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
keygen.nfo