Static task: static1
Behavioral task: behavioral1
Sample: 6826e78631cf08bd4f4028f1313e8a2c_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 6826e78631cf08bd4f4028f1313e8a2c_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 6826e78631cf08bd4f4028f1313e8a2c_JaffaCakes118
Size: 245KB
MD5: 6826e78631cf08bd4f4028f1313e8a2c
SHA1: c45f03e3a6a9e2287e5fffb2e0c15801a60f53fd
SHA256: 79c8895697e180ca138fbbbeed37745b3945d12604d3dbe898be143e87d0c3df
SHA512: 8ed09483329e72d2b5e593d811b82073ef7197ce1100aac12cd9b6447139c9c3731529fb983b79dfa2439ce52aa5572d6a8eb1424c67b45234b3c2002edf16ef
SSDEEP: 6144:aLjQViq3UJOu+R+nqCSOkv5WBL6taqaS7GKCPvaKNKe8WE7uvc:aYqJtUAsTCKaCKsN6E
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6826e78631cf08bd4f4028f1313e8a2c_JaffaCakes118
Files
6826e78631cf08bd4f4028f1313e8a2c_JaffaCakes118.exe windows:4 windows x86 arch:x86
9c29f122b91408f8832811d821c74ff5
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_SYSTEM
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CreateFileA
CloseHandle
LCMapStringA
GetCurrentProcess
LoadLibraryA
ExitProcess
user32
wsprintfA
CharLowerBuffA
CloseWindow
CreateWindowExA
SetWindowLongA
advapi32
RegEnumKeyA
RegEnumValueA
RegCreateKeyA
RegCloseKey
RegSetValueA
RegDeleteValueA
RegOpenKeyA
RegQueryValueA
RegDeleteKeyA
Sections
.text Size: 199KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 12KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ