Static task
static1
Behavioral task
behavioral1
Sample
3e598e988bb543fea0c2c30d11ec388d_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3e598e988bb543fea0c2c30d11ec388d_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
3e598e988bb543fea0c2c30d11ec388d_JaffaCakes118
Size
413KB
MD5
3e598e988bb543fea0c2c30d11ec388d
SHA1
54b0c9b6ea27e902d9c906142bcef8f71a4a0768
SHA256
446b2d559946b9ae9cef4c9eb6234401cc14f0a14da1c2374652f07c414321b4
SHA512
b0ccc48179a06d42c642d7edf455f1d879dc95c0f91c291df61dcf982e079a146a7dd8525052e43caddd5873543251422e822ef210d58b0ab941c52228e5a905
SSDEEP
6144:31+fE/xcx8J5uybal9CL4s2+a5+dvlx5jY0VQZQNp5RcPbN1AGLIKMUjaX/Vz:3EOqxKMybZmwjY0m+yx1AGLiUjgl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3e598e988bb543fea0c2c30d11ec388d_JaffaCakes118
Files
3e598e988bb543fea0c2c30d11ec388d_JaffaCakes118.exe windows:5 windows x86 arch:x86
54cc62580d9a021239ce12d79d8dc334
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CloseHandle
LCMapStringA
CreateFileA
LoadLibraryA
ExitProcess
GetCurrentProcess
user32
CloseWindow
wsprintfA
SetWindowLongA
CharLowerBuffA
CreateWindowExA
advapi32
RegDeleteValueA
RegSetValueA
RegEnumValueA
RegEnumKeyA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegQueryValueA
Sections
.text Size: 4KB - Virtual size: 736KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ