185c8d11c0611cae7c81f4458bf1adea_JaffaCakes118 | Triage

Sharing

General

Target

185c8d11c0611cae7c81f4458bf1adea_JaffaCakes118
Size

408KB
MD5

185c8d11c0611cae7c81f4458bf1adea
SHA1

6128cc714ab2c12a3fe6e18991e1172a2bbdc1a1
SHA256

cfdd3a78a895b3f49a39402eb28b0d2134cc3086849a41a6fdfe7d829a0d4dcd
SHA512

d029087ae92211c8594cef8e8e6b414792d88ef88b769947cc510c9635a43accec723642ad22a58d5f5cb2ca66681cff189cd85ab912c7c45e48e13d38963db9
SSDEEP

12288:x+uEVYYmBd2VgoWNKKliZ8qRP/FwKSJeku:xVEVYYU2AK8qRXFmJW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

185c8d11c0611cae7c81f4458bf1adea_JaffaCakes118

Files

185c8d11c0611cae7c81f4458bf1adea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

39165092bc84217b39cecd014bee10b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualProtect
GetProcAddress
HeapCreate
HeapDestroy
HeapFree
HeapAlloc
RtlUnwind
CloseHandle
LCMapStringA
CreateFileA
GetCurrentProcess
ExitProcess
LoadLibraryA

user32

SetWindowLongA
wsprintfA
CreateWindowExA
CharLowerBuffA
CloseWindow

advapi32

RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegEnumKeyA
RegQueryValueA
RegSetValueA

Sections

.text
Size: 384KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ