f5febfb6a9312ed718a682fac293240c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5febfb6a9312ed718a682fac293240c_JaffaCakes118
Size

45KB
MD5

f5febfb6a9312ed718a682fac293240c
SHA1

a270a8ff92846fe8262f805ff4c22ef8dccef359
SHA256

72941c3a9a8717ad9ce2b18794a4dc5af7269f8cfc2889a58dd1d74c3d8f1531
SHA512

d42d1ab4d5957ae52ac35f8ba8e03ec2a1f798bbb5fd23b11f33f484469f8adb357778c0b850fffbe8a2b79639935331900b25db58b705104cacb11e2ba31fa2
SSDEEP

768:syxxUTzWGIfOdR44ObPVwseTAak459724bHZIJ0gk6eE4vjn4X:ZxuzYf/9Re0ak45E4bHZhgkRRDm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f5febfb6a9312ed718a682fac293240c_JaffaCakes118

Files

f5febfb6a9312ed718a682fac293240c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a9dd07134933b65cff387dbcee618ad3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
DuplicateTokenEx
CryptGetHashParam
RegQueryValueExA
CryptCreateHash
RegDeleteValueA
RegCloseKey
GetUserNameW

shlwapi

PathRemoveFileSpecW
wnsprintfA
PathFileExistsW
wvnsprintfW
PathCombineW
PathMatchSpecW
StrStrW
SHDeleteKeyA
wvnsprintfA
PathFindFileNameW
StrCmpNIA
wnsprintfW

Sections

.pslej
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wvalor
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mfed
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ