437d1001420d2340d7402631e13ac76b_JaffaCakes118 | Triage

Sharing

General

Target

437d1001420d2340d7402631e13ac76b_JaffaCakes118
Size

27KB
MD5

437d1001420d2340d7402631e13ac76b
SHA1

86cce9b7dd4ffb984de0a50a792fc156e3e9be07
SHA256

e298efa021e4e31bf109d50087a70346a8b5dfc3b99a22abc06c893f071703b0
SHA512

53c9c378e5cf9fec0f38bdeca8732667f1c6963825131fa68552aa45c8cefccbed187d3d8905517373ecd4e522073587f5b43583db6c39cdb9af3076b9f031ae
SSDEEP

768:DYL41akqnY999999b6m99999DM999gORrmGR3f15uc:DLak/999999b6m99999DM999tRJ3f14c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
437d1001420d2340d7402631e13ac76b_JaffaCakes118

Files

437d1001420d2340d7402631e13ac76b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4388d619cfdd801794e0790a65af5762

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\Programmieren\Codesoft Releases\_NEW BETATEST\Trojka_Crypter_2.0\Nyktalgia Version\release\stub.pdb

Imports

kernel32

lstrcpyA
lstrlenA
GetProcAddress
LoadLibraryA
DuplicateHandle
GetFileSize
lstrcatA
CreateProcessA
LoadResource
FindResourceA
LocalFree
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
ReadProcessMemory
lstrcmpA
LocalAlloc
ExitProcess
TerminateProcess
UnhandledExceptionFilter
RtlUnwind

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyExA
GetUserNameA
RegQueryValueExA

Sections

.f0Gx
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ