487cbc4a38c22cc12288ddcc5e51415b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

487cbc4a38c22cc12288ddcc5e51415b_JaffaCakes118
Size

436KB
MD5

487cbc4a38c22cc12288ddcc5e51415b
SHA1

3fa4e31178cc820053020b6b2567dd48b1cbb649
SHA256

0b14d70b9f2bb27e5e4b44323f75465e8f049b2062f522b425610e1cdda34148
SHA512

ca2a8077a6bee56683cf80138bba6bcfca57ccb44a559d190a189bf835d77de1e60a315dd904202dfed125a380a880e891cc1d79c561ca1c404f84b41fbbaf72
SSDEEP

12288:b9/Ab9wnelPp2+ML9Yid/sRKLHw5nI6y1q931E:Z/ek2W9lXLeBya6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
487cbc4a38c22cc12288ddcc5e51415b_JaffaCakes118

Files

487cbc4a38c22cc12288ddcc5e51415b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a8f36f00abdb465d0ea0090e7bf2ae8f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LCMapStringA
ExitProcess
LoadLibraryA
CloseHandle
CreateFileA
GetCurrentProcess

user32

CloseWindow
SetWindowLongA
wsprintfA
CreateWindowExA
CharLowerBuffA

advapi32

RegEnumValueA
RegCloseKey
RegDeleteValueA
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyA
RegSetValueA
RegQueryValueA

Sections

.text
Size: 416KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ