Static task
static1
Behavioral task
behavioral1
Sample
865d676efbb4b98e0d60f93e5a397274_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
865d676efbb4b98e0d60f93e5a397274_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: 865d676efbb4b98e0d60f93e5a397274_JaffaCakes118
Size: 2.0MB
MD5: 865d676efbb4b98e0d60f93e5a397274
SHA1: 06770e21fcd690b2a7f9a66e8a84396f95c6b4db
SHA256: 3c2a266e17eb63a3a2781788e55c6b6894914fe2c1a10013a63e03e5b96d945e
SHA512: 30d633559a4ae373c170e8e577ba79c4b502b29da94f857656d6fcf168ddabf48ef0c06a8d82e58c3c37de969f388bea1ccdaac9574c8299298326c51d881f81
SSDEEP: 12288:iVhx2CnCLxnfZLj2mWcXi4LwE3FS6Ikjl/++NELVOAdueXv:FBxBfDS4nPFjl/+0sd9v
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 865d676efbb4b98e0d60f93e5a397274_JaffaCakes118
Files
865d676efbb4b98e0d60f93e5a397274_JaffaCakes118.exe windows:4 windows x86 arch:x86
337e8fbb8c4b98191a6f624378cb734a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LCMapStringA
CloseHandle
LoadLibraryA
GetCurrentProcess
CreateFileA
ExitProcess
user32
SetWindowLongA
CharLowerBuffA
wsprintfA
CreateWindowExA
CloseWindow
advapi32
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegDeleteKeyA
RegSetValueA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegDeleteValueA
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 48KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 220KB - Virtual size: 217KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ