Static task
static1
Behavioral task
behavioral1
Sample
3c170781b699edbee9827dd7463ff7f1_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
3c170781b699edbee9827dd7463ff7f1_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
3c170781b699edbee9827dd7463ff7f1_JaffaCakes118
Size
340KB
MD5
3c170781b699edbee9827dd7463ff7f1
SHA1
d74364d3652b37f292579ed97526f84b4835588f
SHA256
9d434ee6e9419ba63c03d35ffae4c6d17a4f4cd1e389ef4b601d9c278c8bd435
SHA512
06dc053c3734468cc5f9b04181d97a845187aea7b3104f45efbee22b54257e064d8ba5e2d3de9cfdad52397a21e875612e61073a44107c34c74eb332f58afd87
SSDEEP
6144:oNKKJY8eD8VonwzI/9BR0ok8lupbeMZaZ2GjFJFyifaJOx8fo4Jfb6j+JhsE6vM:oNKMeD8VonN0JpbeH1rpfaJjNJ2qkE6k
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3c170781b699edbee9827dd7463ff7f1_JaffaCakes118
Files
3c170781b699edbee9827dd7463ff7f1_JaffaCakes118.exe windows:4 windows x86 arch:x86
822ab78c432d580c7908e8e26dae63bc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CreateFileA
LoadLibraryA
GetCurrentProcess
CloseHandle
LCMapStringA
ExitProcess
user32
CreateWindowExA
CloseWindow
CharLowerBuffA
SetWindowLongA
wsprintfA
advapi32
RegDeleteValueA
RegQueryValueA
RegCreateKeyA
RegCloseKey
RegDeleteKeyA
RegSetValueA
RegEnumValueA
RegOpenKeyA
RegEnumKeyA
Sections
.text Size: 320KB - Virtual size: 324KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 24KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ