bf66071d85843b2d6a2598b0fd72a7d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf66071d85843b2d6a2598b0fd72a7d9_JaffaCakes118
Size

188KB
MD5

bf66071d85843b2d6a2598b0fd72a7d9
SHA1

05285f5714291c562a609f3bdb4192a150457d65
SHA256

6276dfbbf7d03b7918ca2b6d92221af73adffa74d36e5a70acfb867fb5f42046
SHA512

18c5beda899b392e997d7ad01ed11a9258d0adbcb43a537b44f433d4f7c81512c5ea8fe9231f9abcc20d996fc327ce4cae1ac92c8dc5f0a6e1953271e3bb0c32
SSDEEP

3072:ILdsRGAvZUC/56HjiTFZJVmhSRVmprr/nNPkAXk9s55hFkzENtT1LSJZDppHi:ILdsMAvKC/5nF1mwOrnyNO55jtNtT1em

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf66071d85843b2d6a2598b0fd72a7d9_JaffaCakes118

Files

bf66071d85843b2d6a2598b0fd72a7d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

737fce661c5c30e6eb4f4fb7e87746d8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
GetCurrentProcess
LCMapStringA
LoadLibraryA
CreateFileA
CloseHandle
ExitProcess

user32

SetWindowLongA
CharLowerBuffA
CreateWindowExA
CloseWindow
wsprintfA

advapi32

RegCloseKey
RegEnumValueA
RegOpenKeyA
RegCreateKeyA
RegQueryValueA
RegDeleteValueA
RegSetValueA
RegEnumKeyA
RegDeleteKeyA

Sections

.text
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ