3baa386677f7de0deb72a9c32a22c591_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3baa386677f7de0deb72a9c32a22c591_JaffaCakes118
Size

189KB
MD5

3baa386677f7de0deb72a9c32a22c591
SHA1

792ff7d40acf68a59da06b0c75a8c1100def90d2
SHA256

4ace612257760c478ed70f16cef8068367e33ede395890251dfad284743ab5d7
SHA512

19a77758ec7765f924898aea49f27c487ddbf85597e8a9bc60f777a6de06dbc9a7005e94bc81d5b6f23a57b4412429601fd2b0db1b3e229c3c97414406fe2089
SSDEEP

3072:CMtAGRSuI/S2wIZWUP+cr/iS//oXnwUBSsecu5rlxXFwkSUzl9oRI4y6:59RmjfZWTs3QXwUBtecqRxVAUzDKIj6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3baa386677f7de0deb72a9c32a22c591_JaffaCakes118

Files

3baa386677f7de0deb72a9c32a22c591_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c939fe2704efc433fdad8540b62bfb3e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CloseHandle
GetCurrentProcess
ExitProcess
LoadLibraryA
CreateFileA
LCMapStringA

user32

wsprintfA
CloseWindow
CharLowerBuffA
SetWindowLongA
CreateWindowExA

advapi32

RegCloseKey
RegDeleteKeyA
RegEnumKeyA
RegDeleteValueA
RegOpenKeyA
RegQueryValueA
RegEnumValueA
RegCreateKeyA
RegSetValueA

Sections

.text
Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ