Static task: static1
Behavioral task: behavioral1
Sample: 6912a25b4ae802575ce9f616a8ea8d52_JaffaCakes118.exe
Resource: win7-20240708-en
General
Target: 6912a25b4ae802575ce9f616a8ea8d52_JaffaCakes118
Size: 612KB
MD5: 6912a25b4ae802575ce9f616a8ea8d52
SHA1: ec3c8acc53ddb2e0c264656e64153d8520932095
SHA256: 355454e83623a7c4a5d2ad5d4173cc26a28d72a686c840ae63af2c6ef4823bc9
SHA512: 3639e26e07961b028ddb607be0af68f79f737596217e6716d50d37dbeeb1d672c563617c2740d6d746695fee8cc59ddab4b705a774a08c16b6a4399ee2f784c9
SSDEEP: 12288:AxJ2PcQaCmePt8sPR1zEaAAwhJd5blTDryVqXV2oCTI2IO6X4yQ:A6qve18k1IaAAwhJfRryVqPCEm6X8
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6912a25b4ae802575ce9f616a8ea8d52_JaffaCakes118
Files
6912a25b4ae802575ce9f616a8ea8d52_JaffaCakes118.exe windows:4 windows x86 arch:x86
ec1308da49dd2e24805f607a63ba3b98
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CreateFileA
ExitProcess
LCMapStringA
CloseHandle
LoadLibraryA
GetCurrentProcess
user32
SetWindowLongA
CharLowerBuffA
wsprintfA
CreateWindowExA
CloseWindow
advapi32
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyA
RegOpenKeyA
RegQueryValueA
RegSetValueA
RegDeleteKeyA
Sections
.text Size: 508KB - Virtual size: 512KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ