0ec9e38ffd3795422554d6036c810558_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ec9e38ffd3795422554d6036c810558_JaffaCakes118
Size

46KB
MD5

0ec9e38ffd3795422554d6036c810558
SHA1

29cf88780acbf94bccf292caf4ce999a8fed5cfa
SHA256

29f454afc4d81be97f043fea434e6bcda1a293a339358c06c47118fa5622c1a8
SHA512

f817a1f09b3837434b70440db71af317642c7fbc1ad000584a69dbd366f811b719f70baea4260eae753780a23adeda95af529d5189030e38960369825ae68b4c
SSDEEP

768:Z+Nqlm7jd3jY999999b6m99999DM999gOz6uR3C2e0cbkPiJiljMUDUJiJrwJs0R:Z+ggfO999999b6m99999DM999tzlXSki

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ec9e38ffd3795422554d6036c810558_JaffaCakes118

Files

0ec9e38ffd3795422554d6036c810558_JaffaCakes118
.exe windows:4 windows x86 arch:x86

604d61066f9eb8f0cb5b081d805d1b04

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\Programmieren\Codesoft Releases\_NEW BETATEST\Trojka_Crypter_2.0\funkVersion Version\release\stub.pdb

Imports

kernel32

lstrcpyA
Process32First
Module32First
Process32Next
ReadProcessMemory
CreateProcessA
ReadFile
lstrcatA
GetProcAddress
LoadLibraryA
LocalAlloc
GetThreadContext
DuplicateHandle
Module32Next
CloseHandle
GetFileSize
FindResourceA
GetTempPathA
LocalFree
lstrlenA
ResumeThread
LoadResource
GetCurrentProcess
CreateRemoteThread
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateToolhelp32Snapshot
GetModuleHandleA
GetModuleFileNameA
CreateFileA
lstrcmpA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind

user32

MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shlwapi

PathFindFileNameA

Sections

.f0Gx
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ