0dc36b9617cb6e9bb8d4134f837c251d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0dc36b9617cb6e9bb8d4134f837c251d_JaffaCakes118
Size

194KB
MD5

0dc36b9617cb6e9bb8d4134f837c251d
SHA1

11570c6861118a1dd0433e96b8e55aeea17dcdb2
SHA256

a8d4a1ffcd8bd93f8c12fed7a83ef89775bc6e6b5b14009e600827f5543784ad
SHA512

11640df5d0ee131b733aa67a7dc8e1b46492221097078dd31a8feda81dc9784f785c33fe4c3c4f5c4f47843dae741a9722d65eeecbdf5312d1ac3885a0d1d7f4
SSDEEP

6144:M8tvuJDDUpZ6KWXTuOBXnwQnwTjgXp8RSjyYJy:f6DugKWrXwnjgGn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0dc36b9617cb6e9bb8d4134f837c251d_JaffaCakes118

Files

0dc36b9617cb6e9bb8d4134f837c251d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4022eee35b6ff607cef452cfadae1ac1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
ExitProcess
CloseHandle
GetCurrentProcess
CreateFileA
LoadLibraryA
LCMapStringA

user32

wsprintfA
CloseWindow
CreateWindowExA
SetWindowLongA
CharLowerBuffA

advapi32

RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegDeleteValueA
RegQueryValueA

Sections

.text
Size: 118KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ