26731a2c9b0a708867dc18bf8920ffc9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26731a2c9b0a708867dc18bf8920ffc9_JaffaCakes118
Size

1.5MB
MD5

26731a2c9b0a708867dc18bf8920ffc9
SHA1

1112121da3137ae6e6f76b472653c013f58d4e15
SHA256

a0a4f432a574f765892f344e089406f17fb5204523973d9682f3c0ef13c8e2b7
SHA512

a42dcc55c90b687071acf17a02aaf2d1f11f398ca7abac97f699886d6a4c257360783520297e5bcb93d116bf0a68fc3937edc88bc409cac4e2fceb96dfa5f695
SSDEEP

24576:oD9OsGMYv0Y7c+v0C5GMtD3CqQem7431qWTTRQQ66hJ+yhOAzdg2Ova08/:oDouvl8JQem831xT2Q66hJ+yhH/OvZU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KeyGen.exe

Files

26731a2c9b0a708867dc18bf8920ffc9_JaffaCakes118
.rar
KeyGen.exe
.exe windows:1 windows x86 arch:x86

a110531a87e9a90a0f8653b00a50f512

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

VariantChangeTypeEx

gdi32

UnrealizeObject

ole32

IsEqualGUID

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

Sections

CODE
Size: 127KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE