11351899aae6e65eebfed659356b8e55_JaffaCakes118 | Triage

Sharing

General

Target

11351899aae6e65eebfed659356b8e55_JaffaCakes118
Size

925KB
MD5

11351899aae6e65eebfed659356b8e55
SHA1

e46111edd7411482c5798980be43fd87aecace47
SHA256

aa4850ad301d6cb507257e972774f77543df299a5742188175a10f8273d5bd29
SHA512

21c3cdde3da518e7eaec3817187cf5166809fb856274e5d56d81a950e673074738970e143e3ddec92621aeec5a0a4d08ab866f5b39c79c4d3bc9599fa04818bf
SSDEEP

12288:7DblI1/3vxsL+LuP2V62MaJYWh2/XoXvUJOHdNMV+dLGuZhW75QbbYEGPxWZaVuF:73613Wqt6fhiEY9dLpbUQbEFPxWOuWGh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11351899aae6e65eebfed659356b8e55_JaffaCakes118

Files

11351899aae6e65eebfed659356b8e55_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6577faaff3e727e2f6729adacf0af6aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
LCMapStringA
LoadLibraryA
CreateFileA
ExitProcess
CloseHandle
GetCurrentProcess

user32

wsprintfA
CharLowerBuffA
CreateWindowExA
CloseWindow
SetWindowLongA

advapi32

RegEnumKeyA
RegCloseKey
RegEnumValueA
RegQueryValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegSetValueA
RegCreateKeyA

Sections

.text
Size: 855KB - Virtual size: 856KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ