fc6ab79baa37b62c1b850ad4c322ea85_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fc6ab79baa37b62c1b850ad4c322ea85_JaffaCakes118
Size

194KB
MD5

fc6ab79baa37b62c1b850ad4c322ea85
SHA1

33f2a350668883ee1d8d9037668d99c40fb3b3a1
SHA256

42986a0bcc3aa8e6e10969083aec7603e9e705ed1eb4ebe2e5ca74e10835a3b5
SHA512

6c3f5127065f620e3ac86625a8b194825859d89fc5d9be33fade7f28fdb0443603ae654cd36cf808eeb27d4bdaf2fcbabba5bd43a4021272a9d11d8f0607f805
SSDEEP

6144:ZJ2ZdhpNR/F4E8cxkFGHjKE2UVbXtPYlfwm0BG/b5U:Zo/pNR6E8cxzBVqaG/ba

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fc6ab79baa37b62c1b850ad4c322ea85_JaffaCakes118

Files

fc6ab79baa37b62c1b850ad4c322ea85_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a4b9160ff1523dd520d31d41cf202988

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryA
ExitProcess
GetCurrentProcess
CloseHandle
CreateFileA
LCMapStringA

user32

CharLowerBuffA
CloseWindow
wsprintfA
SetWindowLongA
CreateWindowExA

advapi32

RegDeleteKeyA
RegOpenKeyA
RegSetValueA
RegEnumKeyA
RegDeleteValueA
RegEnumValueA
RegCloseKey
RegCreateKeyA
RegQueryValueA

Sections

.text
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ