f1b7c71ec304230a80f26386fdf5493d_JaffaCakes118 | Triage

Sharing

General

Target

f1b7c71ec304230a80f26386fdf5493d_JaffaCakes118
Size

388KB
MD5

f1b7c71ec304230a80f26386fdf5493d
SHA1

4b6567f4c3f31d5e4dface0ae749b3fbc55d3af8
SHA256

4fd8a42413039c3d118978bf590ca9906991583f2c516eedc23ccabcc120fde8
SHA512

b0bbe933cbd671375f12d8f70698c011530c13f8888e310d6ae94ecc692c3edc29dd732bcb036d7b2c0a5c426f60fa28516f167993fc39a9d7bb6a1c48841976
SSDEEP

12288:D3KAZ0SaSG2NQELQtsbJyC1YvYW0WYT/l1:jKAZ0aG2NQELiGoCipNmN1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1b7c71ec304230a80f26386fdf5493d_JaffaCakes118

Files

f1b7c71ec304230a80f26386fdf5493d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1d7833a46758dd8324f9a7a78b458604

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CreateFileA
LCMapStringA
GetCurrentProcess
LoadLibraryA
CloseHandle
ExitProcess

user32

CharLowerBuffA
CreateWindowExA
CloseWindow
SetWindowLongA
wsprintfA

advapi32

RegSetValueA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegCloseKey
RegQueryValueA
RegCreateKeyA
RegOpenKeyA
RegEnumValueA

Sections

.text
Size: 365KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ