15d92395da5613a5ae49c18297893470_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

15d92395da5613a5ae49c18297893470_JaffaCakes118
Size

205KB
MD5

15d92395da5613a5ae49c18297893470
SHA1

05595331d17f7ffe699dfd7b8c37f9341225fe36
SHA256

f6400ab9062a32f437976d339d596eb39681280108be2b7848536485c231f56f
SHA512

a143f59556fab1943285d00656f14161cce0370eaa89d1989e341ebe95356ed5014928a69dd64fc0c7b8317cc898a26d128f7f2cdb51a0f89bc01ab617ebc0b3
SSDEEP

3072:4XGVZb8n+iws4CF68HBC1kKGrE/neWavJPhufs/Dx3XegjBIkgZfYU:4A6njw/+YnePxPhufSnVBIXZwU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15d92395da5613a5ae49c18297893470_JaffaCakes118

Files

15d92395da5613a5ae49c18297893470_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ab3ecbbb002649c8e574bd90ddd13a79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryA
LCMapStringA
ExitProcess
CloseHandle
GetCurrentProcess
CreateFileA

user32

CreateWindowExA
CharLowerBuffA
CloseWindow
wsprintfA
SetWindowLongA

advapi32

RegDeleteValueA
RegOpenKeyA
RegEnumValueA
RegSetValueA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyA
RegCloseKey
RegQueryValueA

Sections

.text
Size: 161KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ