Static task
static1
Behavioral task
behavioral1
Sample
9706de0db2761a9e6fd10cfe3d1c8961_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
9706de0db2761a9e6fd10cfe3d1c8961_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
9706de0db2761a9e6fd10cfe3d1c8961_JaffaCakes118
Size
288KB
MD5
9706de0db2761a9e6fd10cfe3d1c8961
SHA1
631286743f46c5afb50ba30d6db92e9c6f9cb693
SHA256
97e3aedde9eac0543b53312f327339a7b3a4d5806ffb00bf05536cbfea10b5fb
SHA512
961630e7be6bd31c33a02021ea8b03088c4f8351824e2bcf942d5476696fd028b7810a880f45fac0c1cf77b9074cdf7f7024f612a251203a05bd657777075ea9
SSDEEP
6144:oPsGOIE324BRds00FmHXKo0ZtA+BgNAAQ2CNBwIEAODvKOPfaBV8SEyYBayX5N:UssUdlmA+BgNTQ2CNgNmOaBdYkM
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9706de0db2761a9e6fd10cfe3d1c8961_JaffaCakes118
Files
9706de0db2761a9e6fd10cfe3d1c8961_JaffaCakes118.exe windows:5 windows x86 arch:x86
a7a12123bcd83cd28daf8678bc9ab9a2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CloseHandle
LoadLibraryA
ExitProcess
CreateFileA
GetCurrentProcess
LCMapStringA
user32
wsprintfA
CloseWindow
CreateWindowExA
SetWindowLongA
CharLowerBuffA
advapi32
RegCloseKey
RegDeleteKeyA
RegEnumValueA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegSetValueA
RegCreateKeyA
RegDeleteValueA
Sections
.text Size: 268KB - Virtual size: 272KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ