fc0c6b3a3e8d1693eea74df5fa3e5faa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc0c6b3a3e8d1693eea74df5fa3e5faa_JaffaCakes118
Size

126KB
MD5

fc0c6b3a3e8d1693eea74df5fa3e5faa
SHA1

2a9456c6427aa510fdd4f84dd7cd8803dbdcd5d2
SHA256

1b60531d486cda61b72ec53106b0e2b6667becd1c04259cac3fd66c622b2626b
SHA512

03d2c42a702be2f324c24bf2d67edfbf11e0e142ea806d04e9b584453b8e427ad42c3bb316c250993b6fc06ae1da731d1e3f1132ae800b03a9694cbd2bb42dfd
SSDEEP

1536:Wy3PHyHvKl3nUmWDXwEcYs7hrrNeQ8F0Mkst4p+z9QquOft1ZJ3wny/dP17mZMxv:53PSPKF/oXBcT7JkjkstZ1uy/Z17mkow

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc0c6b3a3e8d1693eea74df5fa3e5faa_JaffaCakes118

Files

fc0c6b3a3e8d1693eea74df5fa3e5faa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b72392d55a4e17b37ee523da68652ddd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CreateFileA
LCMapStringA
LoadLibraryA
CloseHandle
GetCurrentProcess
ExitProcess

user32

CharLowerBuffA
SetWindowLongA
CloseWindow
CreateWindowExA
wsprintfA

advapi32

RegOpenKeyA
RegCloseKey
RegDeleteValueA
RegCreateKeyA
RegSetValueA
RegEnumKeyA
RegQueryValueA
RegEnumValueA
RegDeleteKeyA

Sections

.text
Size: 4KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ