253c5c1f75aa913f1f04eae12596b9ed_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

253c5c1f75aa913f1f04eae12596b9ed_JaffaCakes118
Size

704KB
MD5

253c5c1f75aa913f1f04eae12596b9ed
SHA1

c0174e9fa03cb7c4fc3f28ad2f38c39f3c798e56
SHA256

cbdb870c0c5b67946d2c52c55b2fed3c1cf752124486cf6f117a01f49f9c1da5
SHA512

04e2cc42f50b3442d359f4a73cdf0103811b549b480814faf79517569ab9862e06efa828e798a0da8e7e306aed38b21910c39ec34c7156d5b182285a356b5ff1
SSDEEP

12288:HgS2xKX4NNUmP98lj6ucgXRet29nQCgOwfOVSyiksyPIy90w:HddiR18h5cAQqQFOwGVSsjwy3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
253c5c1f75aa913f1f04eae12596b9ed_JaffaCakes118

Files

253c5c1f75aa913f1f04eae12596b9ed_JaffaCakes118
.exe windows:6 windows x86 arch:x86

73bd09d591b611899a1aebab1616e13e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LCMapStringA
GetCurrentProcess
LoadLibraryA
ExitProcess
CreateFileA
CloseHandle

user32

CharLowerBuffA
SetWindowLongA
wsprintfA
CreateWindowExA
CloseWindow

advapi32

RegEnumKeyA
RegEnumValueA
RegOpenKeyA
RegQueryValueA
RegCreateKeyA
RegDeleteKeyA
RegCloseKey
RegSetValueA
RegDeleteValueA

Sections

.text
Size: 608KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ