0640be1e277a530ac451f9347656959c_JaffaCakes118 | Triage

Sharing

General

Target

0640be1e277a530ac451f9347656959c_JaffaCakes118
Size

1.6MB
MD5

0640be1e277a530ac451f9347656959c
SHA1

e077d56e6731667a0d01f356ef35b148acd00ae3
SHA256

23cf7d05ad1f632ea174b0b3fdf289a1840b34f203e891d705ae0690acbdcd65
SHA512

3515e98e86a7fd6f992d6253a1fa1bcf680c31099716cef919d1ae56ea70b407692df2b71648b161a4c1106a0a80b1a81f19cb24146c634d552eb3ee66cb57fd
SSDEEP

24576:RqLh8wr2uOpiR8PWVIEvDMtm18ca/Z7VykrcgU2mdG3rV4zTHQkolFm5JXd+6LXA:ULh85ps3gDZ7Vykog/qPHQk6x6LYUmc4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0640be1e277a530ac451f9347656959c_JaffaCakes118

Files

0640be1e277a530ac451f9347656959c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3509f104b2149617a130eada88b159a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\Programmieren\Codesoft Releases\_NEW BETATEST\Trojka_Crypter_2.0\Gamehunter Version\release\stub.pdb

Imports

kernel32

CreateFileA
lstrcatA
GetSystemDirectoryA
Module32Next
Module32First
Process32Next
Process32First
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
GetProcAddress
CloseHandle
GetFileSize
LocalAlloc
LocalFree
GetCurrentProcess
CreateProcessA
CheckRemoteDebuggerPresent
ContinueDebugEvent
WaitForDebugEvent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrcmpA
ExitProcess
lstrlenA
LoadLibraryA
lstrcpyA
TerminateProcess
RtlUnwind

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyExA
GetUserNameA
RegQueryValueExA

shlwapi

PathFindFileNameA

Sections

.f0Gx
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ