a506d1f0ddf292e7f9842f9bf92d7e61_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a506d1f0ddf292e7f9842f9bf92d7e61_JaffaCakes118
Size

180KB
MD5

a506d1f0ddf292e7f9842f9bf92d7e61
SHA1

f3c45980b903036295c57833608374e852e29b22
SHA256

4f0569e20b2413ee107913e5a482f9f2a9302f2909c1927759605399879fa0b8
SHA512

501848f1f4ff1447347d1e43bde10543d137e33db4c01b83dca41b45aba10311ddee70d9454928bef3d8aec03e267465e96eddceb45bb99156afd981a3bdde5a
SSDEEP

3072:ljEomgrn9Ub0AUdw71rp2bxjccWPU1SB9wJ0a5JsXIopxTD51OuPvL3OC:ljlRTYDUdS1rp21gcWPUiwgXlp5DDOuR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a506d1f0ddf292e7f9842f9bf92d7e61_JaffaCakes118

Files

a506d1f0ddf292e7f9842f9bf92d7e61_JaffaCakes118
.exe windows:4 windows x86 arch:x86

83bd0b49c5ab59bae735b83bcdf30a42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
GetCurrentProcess
CreateFileA
LCMapStringA
CloseHandle
LoadLibraryA
ExitProcess

user32

CharLowerBuffA
SetWindowLongA
CreateWindowExA
CloseWindow
wsprintfA

advapi32

RegCreateKeyA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegEnumValueA
RegSetValueA
RegQueryValueA

Sections

.text
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ