Static task
static1
Behavioral task
behavioral1
Sample
166ee3a3b188ee685c6022184eeeafdd_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
166ee3a3b188ee685c6022184eeeafdd_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: 166ee3a3b188ee685c6022184eeeafdd_JaffaCakes118
Size: 200KB
MD5: 166ee3a3b188ee685c6022184eeeafdd
SHA1: b92bb31d10bebf23ffb9c44e7cd9a6b4aab6a3ac
SHA256: d0cf4e7c1ce703c8818bdcbbb1cee3aad639a8cead582fe9ae98192479d30a10
SHA512: 84e4cceac693b586d3de204da7e7a17b46e8e6f321acf50204a290b9cf5ee493d84956765d971e12c879471aa2c71905475ff7925ddc4be7b064fbe823364d7b
SSDEEP: 3072:x8wtyRTwZZT4gFARJQFUGdQ2rszVr1YZVQ5i6BOH7q1:qwEZuTdFAROPQ2ozVcVQ54W1
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 166ee3a3b188ee685c6022184eeeafdd_JaffaCakes118
Files
166ee3a3b188ee685c6022184eeeafdd_JaffaCakes118.exe windows:4 windows x86 arch:x86
ddd0c7d9db48459e1f672db7f8e37987
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CreateFileA
ExitProcess
LCMapStringA
GetCurrentProcess
LoadLibraryA
CloseHandle
user32
wsprintfA
CharLowerBuffA
CreateWindowExA
CloseWindow
SetWindowLongA
advapi32
RegEnumValueA
RegEnumKeyA
RegOpenKeyA
RegQueryValueA
RegDeleteKeyA
RegCreateKeyA
RegDeleteValueA
RegSetValueA
RegCloseKey
Sections
.text Size: 121KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ