0de782a165457f1b0def2fa56ea0b1be_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0de782a165457f1b0def2fa56ea0b1be_JaffaCakes118
Size

168KB
MD5

0de782a165457f1b0def2fa56ea0b1be
SHA1

18db34107335a68331914152d84749c1e7480d53
SHA256

a1f43e0a3bd5696429f8bb95fdab9cd268b7f13da85d454c47c2f9f5ecb1b26d
SHA512

2c706f06aded1a071c6af7ed3ef3e7a10777fe0e38801219212fc2841d11c1a87329227249130da92cecdf13d014a00ab3bcfaf381ae6c43e591d0d82c130a31
SSDEEP

3072:mfJo+1xDyYaLuMi8NDsZFRzh8AWhWXqmcDtgdvGD4M9/FSc1jt40J:gd1ByuyNYfRz0AVk9jjt40J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0de782a165457f1b0def2fa56ea0b1be_JaffaCakes118

Files

0de782a165457f1b0def2fa56ea0b1be_JaffaCakes118
.exe windows:4 windows x86 arch:x86

612a72afe58d992be45cb8a89fa32222

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
ExitProcess
LCMapStringA
GetCurrentProcess
LoadLibraryA
CloseHandle
CreateFileA

user32

SetWindowLongA
CloseWindow
CharLowerBuffA
wsprintfA
CreateWindowExA

advapi32

RegQueryValueA
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegOpenKeyA
RegCloseKey
RegEnumKeyA
RegSetValueA

Sections

.text
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ