4ce69921f52769d6003405b638375e83_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ce69921f52769d6003405b638375e83_JaffaCakes118
Size

512KB
MD5

4ce69921f52769d6003405b638375e83
SHA1

e40105ce7c2baa1f0d059b6613f21d3d547d78c7
SHA256

a2d59666c29934de74394e554575aebb28db40880cacdd55e4ec85170ce2f299
SHA512

7b6c39898e0816e34f722b3080f434f9e1d3cdb9cde6b905e183ee629a0595fe75db3bd0e3481378506f7707775889001318290c315f952a2f021c232823e332
SSDEEP

12288:kGCwLI4sdbXSpz/KRzicnAxa4lAsuyN2Rl6Ju1vj:dU4sd+prKHAxa6lNVS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4ce69921f52769d6003405b638375e83_JaffaCakes118

Files

4ce69921f52769d6003405b638375e83_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bc6491cecfb809d384b7695f47228a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LCMapStringA
GetCurrentProcess
CloseHandle
ExitProcess
LoadLibraryA
CreateFileA

user32

SetWindowLongA
CreateWindowExA
CloseWindow
CharLowerBuffA
wsprintfA

advapi32

RegEnumValueA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegDeleteValueA
RegSetValueA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 466KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pbukfdx
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE