f4053ba613e79c99b559e8ab59797701_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f4053ba613e79c99b559e8ab59797701_JaffaCakes118
Size

51KB
MD5

f4053ba613e79c99b559e8ab59797701
SHA1

f6039f6ca8be09434343af56d892d37a829b2140
SHA256

be14bb9c4218be635a5ad06cf438568786c4ddd23a24c5f20feb3757c34b957f
SHA512

ebeceb423393b159d5b3564e1bb3c0f188a2f3fe15d825444b7a212a8881938af4002bea3ea4933d9e7c64da2aeca857885fc995b9c5f6e0d85f875448408acc
SSDEEP

768:4xCJADjExLbYiMEI7r3RLr7KS8P2RCy4Y/7ZFJiOt3rWZ9QxhF2MaO0JCJ90O7ro:4hDwZt+jl7E+RXr9mk3n7F2MTqCJyb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4053ba613e79c99b559e8ab59797701_JaffaCakes118

Files

f4053ba613e79c99b559e8ab59797701_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6786564d6193276cbfb76e7cad7ae284

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

advapi32

CryptDestroyHash
CryptHashData
GetUserNameW
RegEnumKeyExA

kernel32

InitializeCriticalSection

shlwapi

PathCombineW
PathFileExistsW
PathMatchSpecW
SHDeleteKeyA
StrCmpNIW
wnsprintfA
wvnsprintfA
wvnsprintfW

user32

CharLowerBuffA
CloseDesktop
GetClipboardData
GetKeyboardState
GetWindowTextA
MsgWaitForMultipleObjects
OpenDesktopA
PeekMessageA
SendMessageA

Sections

.mrkpyt
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ulqz
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xqnkd
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ