e280d592e19c266f34fe8319e265a90c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e280d592e19c266f34fe8319e265a90c_JaffaCakes118
Size

46KB
MD5

e280d592e19c266f34fe8319e265a90c
SHA1

f4b064ee4c2c317b06b43ade80fbd114aec9729c
SHA256

5a6bbdacc2a47f0745375f46a4e048fbd56cb95f99c69922b08b48b5006c0c18
SHA512

bb126288f32088dda4150b173f884d9d5e27a7d104b3cd404e6b135b08a2208ee1d05c4e22a18abb0adf550ed724ae3c320a1a17735da0d749984a8f4e81fe0d
SSDEEP

768:MgGdlx90CLHmhpfjQZE8Av7t7xZeVKMGh/kxC/LUcrxv73XKxwg1Pm5w/m5vEg:RG3P0CLwpfjQmJ7BJPNkxC/b9zXVZ5cr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e280d592e19c266f34fe8319e265a90c_JaffaCakes118

Files

e280d592e19c266f34fe8319e265a90c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1ad09b2edef6c9c63914be084fc92c41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNIA
PathFindFileNameW
PathRemoveFileSpecW
StrStrW
SHDeleteKeyA
PathMatchSpecW
PathCombineW
wvnsprintfA
PathFileExistsW
StrCmpNIW
wvnsprintfW
wnsprintfA
wnsprintfW

advapi32

CryptReleaseContext
CryptGetHashParam
RegQueryValueExA
DuplicateTokenEx
RegCloseKey
RegDeleteValueA
CryptCreateHash

Sections

.ynyhun
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.klwf
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ututav
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ