3b07608e88eb400243409d595e97a774_JaffaCakes118 | Triage

Sharing

General

Target

3b07608e88eb400243409d595e97a774_JaffaCakes118
Size

1.3MB
MD5

3b07608e88eb400243409d595e97a774
SHA1

8d78c9e82a18dcd066e21729220436df414ecfbb
SHA256

1b0ad9512800757cb1c438ea0a5f0c1eaafa27f5178012e0cb4afb6d5069585a
SHA512

b19c5424991048bd6b5bd5510f3b4ec38eb0cb5cbef1b3344ca4d99ace08c3e6c1d40a55edcbe07e30e2c7a86f914e09b4fd50b903a65dec020a4e8f5ff8e524
SSDEEP

24576:LZAfSEVJFnsBpnJ4oHcaQ5hTvkIFJkAo0iWdyLFD5Y:2fSEVJFnmJ4uRQXTvVo0lkF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3b07608e88eb400243409d595e97a774_JaffaCakes118

Files

3b07608e88eb400243409d595e97a774_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3c399d245471f31a0e15cad31f10ac47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CloseHandle
LoadLibraryA
ExitProcess
GetCurrentProcess
CreateFileA
LCMapStringA

user32

CloseWindow
CharLowerBuffA
CreateWindowExA
wsprintfA
SetWindowLongA

advapi32

RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegDeleteValueA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegCloseKey
RegSetValueA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gbss
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE