23287e9dd772ede5d0e2f3d25bd7c030_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

23287e9dd772ede5d0e2f3d25bd7c030_JaffaCakes118
Size

225KB
MD5

23287e9dd772ede5d0e2f3d25bd7c030
SHA1

fc5fd20709ffb37eeea5195ac09e0ff69533a676
SHA256

2a7d52603268e5d2af36048698399cfe352f3b6d788a22b61eef212e317b5678
SHA512

eb0b940f1d88b3830285e53b2468c2eee006169a2488c1d21081bf2702b2a444121ec188d2e47bed4d03e5e4cdaba3e5ee2bcc92dcc92232ad868f3b10496e8b
SSDEEP

6144:ZSbTNEv7jw/Zn3CGaJWSI8IFcpHScZwf7O:Zys7E/9SGaBtwUHReO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23287e9dd772ede5d0e2f3d25bd7c030_JaffaCakes118

Files

23287e9dd772ede5d0e2f3d25bd7c030_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f81dd8c6d4fde5e131088407de417d2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
GetCurrentProcess
ExitProcess
CreateFileA
CloseHandle
LCMapStringA
LoadLibraryA

user32

CharLowerBuffA
CreateWindowExA
CloseWindow
SetWindowLongA
wsprintfA

advapi32

RegDeleteValueA
RegQueryValueA
RegEnumValueA
RegOpenKeyA
RegEnumKeyA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegCloseKey

Sections

.text
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ