a37bb7596417cf2bcc2a6af87f0696f1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a37bb7596417cf2bcc2a6af87f0696f1_JaffaCakes118
Size

216KB
MD5

a37bb7596417cf2bcc2a6af87f0696f1
SHA1

dde5a4731de8f3607445ffa6a5c15efe4326e41f
SHA256

aa87176c5990cfb9efeee4820bea20a200437e8eedd13f00a554ed008b95c262
SHA512

5cd1eed8ce348a907b59c6d53e69bff1a4cf8548bae99f2484787a28486402060ab3889567befdf99e3eb23e890fb198fcab8707b5b83f850ecf09fa5f567453
SSDEEP

6144:LM5lra893/WVcmqIFiAH1eekW9T4aaf6l6PzZw6:LM3a89ueNBAH12yVaM4b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a37bb7596417cf2bcc2a6af87f0696f1_JaffaCakes118

Files

a37bb7596417cf2bcc2a6af87f0696f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e85199f339a77b6479bc646dabb05707

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryA
LCMapStringA
CloseHandle
CreateFileA
ExitProcess
GetCurrentProcess

user32

CharLowerBuffA
wsprintfA
CloseWindow
SetWindowLongA
CreateWindowExA

advapi32

RegEnumValueA
RegSetValueA
RegOpenKeyA
RegCreateKeyA
RegEnumKeyA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegQueryValueA

Sections

.text
Size: 173KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ