a4e9ccc81ef25e71ae36d07d639fc604_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4e9ccc81ef25e71ae36d07d639fc604_JaffaCakes118
Size

20KB
MD5

a4e9ccc81ef25e71ae36d07d639fc604
SHA1

ce031df447f965b73066a41e7dad5a1003b2c483
SHA256

c5b519f8f2ec0b4c0a4da25749337324d24615859f7006d1990ab953cd1fb92d
SHA512

cee35c3e19592bfdeb935665431ebd392aee8e0880d67762a0a2eb6c2d70016d094857de5095a0e09c1e28b8b6273310c6c7f9729b24da1805d45570f91a84eb
SSDEEP

384:HGv8KU4EbQ0QsePp/Wx8Qpkw8qc999999b6m99999DM999rk3gmsf6:m8KUxbQ0QseP1cZkwnc999999b6m999/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4e9ccc81ef25e71ae36d07d639fc604_JaffaCakes118

Files

a4e9ccc81ef25e71ae36d07d639fc604_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dfbb1622fdf8684e217fc6b802a59f31

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

o:\Programmieren\Codesoft Releases\_NEW BETATEST\Trojka_Crypter_2.0\funkVersion Version\release\stub.pdb

Imports

kernel32

GetShortPathNameA
GetProcAddress
VirtualAllocEx
LoadLibraryA
GetThreadContext
LocalAlloc
CreateFileA
GetFileSize
FindResourceA
lstrlenA
GetModuleFileNameA
GetModuleHandleA
LoadResource
GetEnvironmentVariableA
GetCurrentProcess
GetTempPathA
LocalFree
ResumeThread
lstrcpyA
WriteFile
ReadProcessMemory
CreateProcessA
CreateRemoteThread
DuplicateHandle
WriteProcessMemory
IsDebuggerPresent
SetUnhandledExceptionFilter
lstrcatA
ReadFile
CloseHandle
lstrcmpA
UnhandledExceptionFilter
TerminateProcess
RtlUnwind

user32

MessageBoxA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.f0Gx
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ