46939397628bcf22353ba9c24598a7a3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

46939397628bcf22353ba9c24598a7a3_JaffaCakes118
Size

228KB
MD5

46939397628bcf22353ba9c24598a7a3
SHA1

4202324e4b83f92e1750aee951bfaa1098c99283
SHA256

2e852d557a445b29ababb7fd05389f1ad95c166acdf8a5e3d9cbcde7c4271150
SHA512

1fdcf65d16978cc8217cb8d37266560a304a2194aee0be1cdf5913f4b435dc71fa0d0da827f07e04278ed39c7c5a3e27a814410a15705e41be8bf2183adaf936
SSDEEP

6144:roC8Od+iPQhgw1g+XtbXmXUjb+n/z89EHvJYtLcoD+UBEvb/ZDIEG:ECluggtuUjb+49ExSLLDBUbhQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46939397628bcf22353ba9c24598a7a3_JaffaCakes118

Files

46939397628bcf22353ba9c24598a7a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6a992a7e0fec2e6a6046c2b0f09c785a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree
ExitProcess
GetModuleHandleA

advapi32

RegCloseKey

comctl32

ImageList_Add

gdi32

BitBlt

user32

ActivateKeyboardLayout

ole32

IsEqualGUID

oleaut32

SysAllocStringLen

Exports

Exports

@@Unit1@Finalize
@@Unit1@Initialize
_Form1
__GetExceptDLLinfo
___CPPdebugHook

Sections

pec1
Size: 160KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE