Static task: static1
Behavioral task: behavioral1
Sample: 4bf4ad25bd62013df2dd2bc0bae3d86a_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 4bf4ad25bd62013df2dd2bc0bae3d86a_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4bf4ad25bd62013df2dd2bc0bae3d86a_JaffaCakes118
Size: 575KB
MD5: 4bf4ad25bd62013df2dd2bc0bae3d86a
SHA1: 2a6b3514b9cdbf5fe1b819113336a50c127a543e
SHA256: 3726eb7ce8e93d381ea55a0e1571f23f2589673b24f781b5b73912ee0e355a35
SHA512: 6c4e2562656db2a52c44ebc8b7fc26474544a1cb60d6078d1359ddb70e493d64818c89ac9fd5f7ccf27a12b059e35e1ea9bc1bc81f44d68299f115b8d1724618
SSDEEP: 12288:B2RT43jhsJKe8XiiKKPkVK3MOojCEQY6uUXYpXiOe2O:B2RTehQKlfr8OUCEv3m
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4bf4ad25bd62013df2dd2bc0bae3d86a_JaffaCakes118
Files
4bf4ad25bd62013df2dd2bc0bae3d86a_JaffaCakes118.exe windows:5 windows x86 arch:x86
796a4caa408cf5ad7659d09e42e7958d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
GetCurrentProcess
LoadLibraryA
LCMapStringA
CreateFileA
CloseHandle
ExitProcess
user32
CreateWindowExA
SetWindowLongA
CharLowerBuffA
CloseWindow
wsprintfA
advapi32
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegCreateKeyA
RegDeleteValueA
RegEnumValueA
RegSetValueA
RegCloseKey
Sections
.text Size: 512KB - Virtual size: 516KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 196KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ