3c9a3fca342f34ad2d9cad0edac65b7f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3c9a3fca342f34ad2d9cad0edac65b7f_JaffaCakes118
Size

170KB
MD5

3c9a3fca342f34ad2d9cad0edac65b7f
SHA1

aedc576e0246cb11bfb32ea445985101a7bcc465
SHA256

828e1ff608973becebdf53ec4c7b50d5d6b2aba2ee929b52e7ede8df65103759
SHA512

283bcc9d5120bed473ceca07dc7378a61b01705626204a11af15e09d07420c55ef0b5e72e8eccf0835dadb1799e26e4856c1c5e241c4a1f6cafa645217c04317
SSDEEP

3072:sqL6fRfCz6oys3/jnYwh5ncXvnamGsALtEDSuOI9CgJy+kYDS9u/tq+nKg:saQ6zE8YXvnJpUEDII9CgJPkkSIFBKg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/APLicGen.exe

Files

3c9a3fca342f34ad2d9cad0edac65b7f_JaffaCakes118
.zip
APLicGen.exe
.exe windows:4 windows x86 arch:x86

34cb441b72dbc84c8c2ae9d7db69a88e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

comctl32

_TrackMouseEvent

comdlg32

GetSaveFileNameA

Sections

.text
Size: 164KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE