681a2521bed6258855370c5a0d6dcd06_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

681a2521bed6258855370c5a0d6dcd06_JaffaCakes118
Size

180KB
MD5

681a2521bed6258855370c5a0d6dcd06
SHA1

6cbc242fba7c2e5f17aafaf2c36542c4de8bd236
SHA256

f3d70829a84e27f7f87f2c8cf8bfde265cc39715ceafc6e83cbd7e2885e37394
SHA512

cfbe0c39355101140ac6f70e00299fb9562dedd4cc92afb99b59229ad8e8cdfbd945daec84559e18e62614528126454218df148e2918b791dc8c1ea67b2534f4
SSDEEP

3072:MH6hbIhflTT6cfgJcXVsWtttQPTOL1fEU8uqd+zblVRfuaYa:CffJTvll9QPTOL1zq8h/fu7a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
681a2521bed6258855370c5a0d6dcd06_JaffaCakes118

Files

681a2521bed6258855370c5a0d6dcd06_JaffaCakes118
.exe windows:4 windows x86 arch:x86

366b868e0f9029f6327318f4a7f9d36c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryA
CloseHandle
ExitProcess
LCMapStringA
GetCurrentProcess
CreateFileA

user32

CreateWindowExA
CharLowerBuffA
CloseWindow
wsprintfA
SetWindowLongA

advapi32

RegCloseKey
RegDeleteKeyA
RegSetValueA
RegEnumValueA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
RegDeleteValueA

Sections

.text
Size: 160KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ