Static task: static1
Behavioral task: behavioral1
  Sample: 40aff6e1d4670b8a38ac12c1fa85c004_JaffaCakes118.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 40aff6e1d4670b8a38ac12c1fa85c004_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 40aff6e1d4670b8a38ac12c1fa85c004_JaffaCakes118
Size: 272KB
MD5: 40aff6e1d4670b8a38ac12c1fa85c004
SHA1: 298460ecc66b41c9d5627a7f358107c3b4f93456
SHA256: 9201949988e2692c71c15f05b44b5bb0adf5cbe7abfb468f16665ed9ce56ac70
SHA512: f599b3b4427a0d9a2a00132d34ac55ec323af5c56f5fbb78bd525178cba780fd856fcbf30c6f7a82547898ec0495c59bfba349f7a67a17cb9de26ddf85ff0a2d
SSDEEP: 6144:eOFu6XuG3NG2heg1EkOgizXJMdk88V5iCPWf:Yi3NrUZ7pWCP6
Malware Config
Signatures
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource 40aff6e1d4670b8a38ac12c1fa85c004_JaffaCakes118
Files
40aff6e1d4670b8a38ac12c1fa85c004_JaffaCakes118.exe windows:4 windows x86 arch:x86
68ce8209ee0686e27efe750c92a020e9
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LINE_NUMS_STRIPPED
  IMAGE_FILE_LOCAL_SYMS_STRIPPED
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
  GetModuleHandleA
  VirtualProtect
  GetProcAddress
  HeapCreate
  HeapDestroy
  HeapFree
  HeapAlloc
  RtlUnwind
  LCMapStringA
  CloseHandle
  GetCurrentProcess
  CreateFileA
  LoadLibraryA
  ExitProcess
user32
  wsprintfA
  CreateWindowExA
  SetWindowLongA
  CloseWindow
  CharLowerBuffA
advapi32
  RegOpenKeyA
  RegQueryValueA
  RegEnumKeyA
  RegDeleteKeyA
  RegCloseKey
  RegSetValueA
  RegCreateKeyA
  RegEnumValueA
  RegDeleteValueA
Sections
.text Size: 256KB - Virtual size: 256KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 16KB
  IMAGE_SCN_CNT_UNINITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 5KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ