fdef02cf0ad653d9cfabb78a155a0fe5_JaffaCakes118 | Triage

Sharing

General

Target

fdef02cf0ad653d9cfabb78a155a0fe5_JaffaCakes118
Size

46KB
MD5

fdef02cf0ad653d9cfabb78a155a0fe5
SHA1

42cdf5cb2b41bf83f530ee67d50cbca0db10eccf
SHA256

51905ea134a854a0f4712457f7517e91df7b12128737a556509f0ab11829b3e4
SHA512

152570f69696354621daf300a3dbf063d4bacc5bd4715a4cc1402957e0ecbb83bb347d905fdb130ec6f94fb81e123bfe744ea5d0a42c710ed7621dc525273c8e
SSDEEP

768:wchsJ6+4ZdlEaNo7WIOLAq39jWhc5txcn3a7AbUR9AT3GgSIi:XS6+4Z0aiWZ8CjWhc5txcn3a0b1TLSIi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdef02cf0ad653d9cfabb78a155a0fe5_JaffaCakes118

Files

fdef02cf0ad653d9cfabb78a155a0fe5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7b8b2c258c875146345386936389cd7e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptCreateHash
CryptReleaseContext
RegDeleteValueA
RegQueryValueExA
CryptGetHashParam
DuplicateTokenEx
RegCloseKey
RegSetValueExA

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
wnsprintfA
wnsprintfW
StrCmpNIA
StrStrW
SHDeleteKeyA
PathFileExistsW
StrCmpNIW
wvnsprintfA
wvnsprintfW
PathMatchSpecW

Sections

.fircv
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hwn
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qjcr
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ