6a43fac473fdee815f832e113a49de5a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a43fac473fdee815f832e113a49de5a_JaffaCakes118
Size

246KB
MD5

6a43fac473fdee815f832e113a49de5a
SHA1

3703a5e9de612db01f830504b61446e0dacad877
SHA256

1af1cc3d8a056eb695aa0f05b3c3c08e1b2b3c4ec18e9fabb9deba88b0f68c33
SHA512

0a2027222c9c9c02ac06d206cac2db23fec487b7bac2b60265dabb46337d22693fe72ade5d9350e2d51c90ca5a2f9353946feb4b22419096e56605103767452d
SSDEEP

6144:zKr5cYUTXeJWo0mjYXLTGZHLb5hFYfSijDmAeJUQsGiEjZQPr:z2Uze/0VTGBLlheleJzsGiE2Pr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a43fac473fdee815f832e113a49de5a_JaffaCakes118

Files

6a43fac473fdee815f832e113a49de5a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c16af3f1adbf4617d1c5b744022b144

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
Heap32ListFirst
Module32First
VirtualProtect
CreateFileA
WriteFile
VirtualFree
Sleep
VirtualAlloc
Heap32First

user32

GetMessagePos
PostMessageA

wininet

InternetCloseHandle
FtpPutFileA

ole32

CoInitializeEx
OleInitialize
CoInitialize

advapi32

RegQueryValueA
RegQueryValueExA
RegEnumValueA

Sections

pQHMAlld
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

FRVcGBkN
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DXfFzsTj
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RPgrnVsM
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE