87dacded6cb52e51149a9d1c459ce94c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87dacded6cb52e51149a9d1c459ce94c_JaffaCakes118
Size

192KB
MD5

87dacded6cb52e51149a9d1c459ce94c
SHA1

22f6cb36f9f5cd0f98f40c0bb793c94d03a43d60
SHA256

abd0de4942ca6dd49ed3ffe955823d72d96d34efeff3f1fc328c2e78e22ec65d
SHA512

868b5fb4c30d942ead4e7902cb9c33d4a85ce42e4c2a38b207ab93292aeea16ea038519eb0b87259070c1732c9b9a8bc391963f5fece66eb7c043096e4e771ec
SSDEEP

6144:x2SsRyniTN9ms5mJyrxxhCiTxnizL53v7YYdFZOxlZc+9S8:xuAW55mod9iz97Td6x3S8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87dacded6cb52e51149a9d1c459ce94c_JaffaCakes118

Files

87dacded6cb52e51149a9d1c459ce94c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4846e1e15288f6e12b494866c2914f4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryA
LCMapStringA
CloseHandle
GetCurrentProcess
ExitProcess
CreateFileA

user32

CharLowerBuffA
wsprintfA
SetWindowLongA
CloseWindow
CreateWindowExA

advapi32

RegEnumValueA
RegSetValueA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA

Sections

.text
Size: 138KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ