0f984f5bf70f9d8c36325048e3245920_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f984f5bf70f9d8c36325048e3245920_JaffaCakes118
Size

516KB
MD5

0f984f5bf70f9d8c36325048e3245920
SHA1

29439571e1185d7df649ed3646cb40fb159e9353
SHA256

a8ca2f50140cebe08cf5c3405d7ff6192d4f410203edfa55beaa8682ca9da52e
SHA512

699f21d2815bbe94c0d3b68eea40e6737054fea0d596ac940623342ff65b4464c46590a3aa21983ae2199819ef9fe1d5a1acaa4acf4123b053b62ff86dea4016
SSDEEP

12288:EQbyUnmj7e22bVRJo7sXeyzqW8ncNz+KRb/C4nv:EQvm72v27XB/cNSAmc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f984f5bf70f9d8c36325048e3245920_JaffaCakes118

Files

0f984f5bf70f9d8c36325048e3245920_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1eac144feaf4a1b1ff4a079662a69bd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
CryptGetHashParam
CryptCreateHash
RegQueryValueExA
DuplicateTokenEx
CryptReleaseContext
RegDeleteValueA
RegSetValueExA

shlwapi

PathFindFileNameW
wvnsprintfA
wvnsprintfW
wnsprintfW
StrCmpNIW
PathCombineW
PathRemoveFileSpecW
StrCmpNIA
PathFileExistsW
wnsprintfA
StrStrW
PathMatchSpecW
SHDeleteKeyA

Sections

.udmv
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.opgf
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ingtmd
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.read
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

FSG
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE