18cf8397bbdc2107eb74846e970782fa_JaffaCakes118 | Triage

Sharing

General

Target

18cf8397bbdc2107eb74846e970782fa_JaffaCakes118
Size

46KB
MD5

18cf8397bbdc2107eb74846e970782fa
SHA1

51e24ed0bcab07587a8b44f86567f5a3f046df5a
SHA256

5f5c354a8784c15b84718a932147041f81482bd9537cc988cc97d295bd40606f
SHA512

bff979e570ee3bd6cdda6997143282bc74c7e2bf6959fa10e8b2e44dedc6d387e6e3c66447107fdb2465a9e9ea5c742be9753d12b3b067ab132e1f4217858ef9
SSDEEP

768:bWKyZL7GASyaa4H/jva6ks47H253i/hA5TjgOgcuJ0/UhdZ1ANl49:qKUXGALKTaiy6TlumMbQNl2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18cf8397bbdc2107eb74846e970782fa_JaffaCakes118

Files

18cf8397bbdc2107eb74846e970782fa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a118cb7305435a61018d725c8a65a8e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
RegCloseKey
CryptCreateHash
RegQueryValueExA
RegDeleteValueA
CryptReleaseContext
DuplicateTokenEx
RegSetValueExA

shlwapi

StrCmpNIW
PathMatchSpecW
wnsprintfW
wnsprintfA
PathRemoveFileSpecW
PathFindFileNameW
StrStrW
PathFileExistsW
PathCombineW
StrCmpNIA
SHDeleteKeyA
wvnsprintfA

Sections

.twnid
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ulkl
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dcz
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ