Static task
static1
Behavioral task
behavioral1
Sample
f00d71784a83c410ab3d36145df648f9_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
f00d71784a83c410ab3d36145df648f9_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
f00d71784a83c410ab3d36145df648f9_JaffaCakes118
Size
200KB
MD5
f00d71784a83c410ab3d36145df648f9
SHA1
3d34f3ee6337b791ced730f2aeebf7948727c8c3
SHA256
9102123b26f191ed0f028de403793c36b9f7ac3004d76908ff76a1ed6e2d8924
SHA512
e45b412bb1f144a2653021a0f33d7f33309f1bac7e2c30b45153b6e80be82d39622f676147a9d8408a279cbc8a658725e113a80c1331c93694d0ad1b9528eb06
SSDEEP
6144:pyz9bssIBc1hohhAaHtN0CCHQE/ZsCKyVjOh4:UxgmOhhA4t27H1qCEq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f00d71784a83c410ab3d36145df648f9_JaffaCakes118
Files
f00d71784a83c410ab3d36145df648f9_JaffaCakes118.exe windows:5 windows x86 arch:x86
a053d395d3684484d4c03973a7c6129e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryA
LCMapStringA
ExitProcess
CreateFileA
GetCurrentProcess
CloseHandle
user32
wsprintfA
CloseWindow
CharLowerBuffA
SetWindowLongA
CreateWindowExA
advapi32
RegDeleteValueA
RegCreateKeyA
RegQueryValueA
RegDeleteKeyA
RegSetValueA
RegEnumValueA
RegEnumKeyA
RegCloseKey
RegOpenKeyA
Sections
.text Size: 181KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ