badc8c6b4057eecc3a685e7acfc9f0c7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

badc8c6b4057eecc3a685e7acfc9f0c7_JaffaCakes118
Size

64KB
MD5

badc8c6b4057eecc3a685e7acfc9f0c7
SHA1

fe3c0d1f4dc49c764381c4d72f8ceec68fe617c8
SHA256

5b5c8336f065578838359184da07eeb29a919975858f3e46bbdbd5cb69e42105
SHA512

cb588e4700a2d307da8ff20a30b4c7933298f132755f1616224b350f5eef8015181104f675ce1463d40480b22989a2252d24963b41ae11d15087f7f96fd98ea7
SSDEEP

768:fmTVNT5As/87kIL6edR8V1RTW8Jk05wqkbO8jBsLGeH/in9kiF6JJYZ:fmTuFonpTk05dqWfin9ki+YZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
badc8c6b4057eecc3a685e7acfc9f0c7_JaffaCakes118

Files

badc8c6b4057eecc3a685e7acfc9f0c7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

85fd71717e8584d547a4dbd71f299ed0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenMutexA
OpenEventA
CloseHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegOpenKeyA

msvcrt

free
malloc
fclose
fopen
strncpy
_stricmp
strrchr
__CxxFrameHandler
_open
_errno
remove
rename
strncat
_initterm
_adjust_fdiv
_close
_read
_write
_lseek
_filelength
_chsize
_strlwr

Exports

Exports

GetExportFunctions
SetHKCUKeyHandle

Sections

.text
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ