Static task: static1
Behavioral task: behavioral1
Sample: bd6bb16bc45cbe500e12590d1cf7a407_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: bd6bb16bc45cbe500e12590d1cf7a407_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: bd6bb16bc45cbe500e12590d1cf7a407_JaffaCakes118
Size: 216KB
MD5: bd6bb16bc45cbe500e12590d1cf7a407
SHA1: c03e6ae66ce0cc8c06adfa8b3e8aec63336ee7d6
SHA256: 8308bcb5a014f2379f1f316902947f640a7dcb5efb7837bae04d5114e0edcc05
SHA512: 06cb30a59be72affa5f19e0f343f8ed3e6de29c9995bf74d15991ff3d579cbc0378fa04b7b6bd857516595c2147559dacd74caed54adb8da13201daab9c60424
SSDEEP: 6144:ZP32d4vQ1/sYJAok1IOrleNvL3Zykw2Cp0HcgbP+6G:BdCEE5yeNvL3vYidblG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bd6bb16bc45cbe500e12590d1cf7a407_JaffaCakes118
Files
bd6bb16bc45cbe500e12590d1cf7a407_JaffaCakes118.exe windows:5 windows x86 arch:x86
77182b39160344facfc36ee669c4245d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
GetCurrentProcess
LCMapStringA
CloseHandle
CreateFileA
LoadLibraryA
ExitProcess
user32
CharLowerBuffA
CreateWindowExA
wsprintfA
CloseWindow
SetWindowLongA
advapi32
RegDeleteKeyA
RegQueryValueA
RegSetValueA
RegEnumValueA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyA
RegDeleteValueA
RegCloseKey
Sections
.text Size: 198KB - Virtual size: 200KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ