Static task
static1
Behavioral task
behavioral1
Sample
29b9dcc63626f4c47dad498e916045b6_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
29b9dcc63626f4c47dad498e916045b6_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target: 29b9dcc63626f4c47dad498e916045b6_JaffaCakes118
Size: 572KB
MD5: 29b9dcc63626f4c47dad498e916045b6
SHA1: d6112be7869af8c20a656f35906d8c070a5bd670
SHA256: 18471a4f6f0d96fd16d641e30554a793afdfa56aafc2dcdf4ce6d3c909f5a9db
SHA512: 927540a9808387a5dc43634c1a651f149749c367f609ca9d0c093996c5732d3f9a07a8071242b4dfb8346a27e1294e076035fd94469a84969c42b0848447f7b0
SSDEEP: 12288:HnxhPowldxvxZmHUB1JWzeKxo0LF3t2zEOl8SSf21:4sDG0Ked0z2zfl8pf21
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 29b9dcc63626f4c47dad498e916045b6_JaffaCakes118
Files
29b9dcc63626f4c47dad498e916045b6_JaffaCakes118.exe windows:4 windows x86 arch:x86
82a1952c29d288c0d70a6c3cdd26bc28
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryA
GetCurrentProcess
ExitProcess
CloseHandle
CreateFileA
LCMapStringA
user32
wsprintfA
CloseWindow
CharLowerBuffA
SetWindowLongA
CreateWindowExA
advapi32
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegSetValueA
RegQueryValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyA
RegEnumValueA
Sections
.text Size: 300KB - Virtual size: 304KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 252KB - Virtual size: 248KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ