de6a6a15a0f926c3d561976b598d9ded_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de6a6a15a0f926c3d561976b598d9ded_JaffaCakes118
Size

125KB
MD5

de6a6a15a0f926c3d561976b598d9ded
SHA1

b3144065309bb190ce3da489f30bec40654c27cf
SHA256

fcb25b19440046d7f65d09b9381a00cdf0988ddf721e18225bd2642c75254234
SHA512

4a0b2e5d7ebd6303e822ad1f2fc651f329a5beb997e301752c8e904ee6c85097745a830612232350ce4059adb5b302b34a3d138fccd5b93baf448842e54dd60b
SSDEEP

3072:FzyKmClIxVwlXtao7n1+NQ2aS9Ay/se/I:c4QVAtao7n1KQ7IR/I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
de6a6a15a0f926c3d561976b598d9ded_JaffaCakes118

Files

de6a6a15a0f926c3d561976b598d9ded_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c2f0692a2a45368f1babaa9676455f89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Archivos de programa\Panda Security\ActiveScan 2.0\AS2Uninst.pdb

Imports

shlwapi

SHDeleteKeyA

kernel32

Sleep
CloseHandle
CreateProcessA
FreeLibrary
GetProcAddress
LoadLibraryExA
GetTempPathA
MoveFileA
DeleteFileA
CopyFileA
GetModuleFileNameA
GetSystemDefaultLangID
GetModuleHandleA
GlobalAlloc
LoadLibraryA
SetThreadPriority
GetCurrentThread
SetPriorityClass
ExitProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
RemoveDirectoryA
GetLastError
FindClose
FindNextFileA
SetFileAttributesA
FindFirstFileA
WideCharToMultiByte
LoadResource
FindResourceExA
GlobalFree
SetProcessPriorityBoost
GetCurrentProcess

user32

CharLowerA
MessageBoxA

advapi32

RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteExA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE