8987986e1faf4575659c4bf6e1c17290_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8987986e1faf4575659c4bf6e1c17290_JaffaCakes118
Size

226KB
MD5

8987986e1faf4575659c4bf6e1c17290
SHA1

fd05245d0f2d910c7f69bd1d98dcf160657f2b87
SHA256

c6d46ab41fda7734a17be419d14525c53675a31f83a4ce2a4172f1af9193d880
SHA512

a2b0c5f2c7dc0b7fa670586dece29f8d3c73c23b864f06d5ffa70949cbc90347f4e9e54cdf136fc5403ab6919a0724be1ac6ab9c096c4c28eccf4b96f4cb0162
SSDEEP

6144:RQ8MVKgNgl63r1q8OX/ga+4NBb9NvDB7akp5J:RzGNgirIbXIa/hN7xakjJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8987986e1faf4575659c4bf6e1c17290_JaffaCakes118

Files

8987986e1faf4575659c4bf6e1c17290_JaffaCakes118
.exe windows:4 windows x86 arch:x86

12f4af1b4d28701c376bca5aec25f856

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CreateFileA
GetCurrentProcess
CloseHandle
LoadLibraryA
LCMapStringA
ExitProcess

user32

CloseWindow
CreateWindowExA
SetWindowLongA
CharLowerBuffA
wsprintfA

advapi32

RegEnumKeyA
RegQueryValueA
RegCreateKeyA
RegCloseKey
RegSetValueA
RegOpenKeyA
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA

Sections

.text
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ