Static task
static1
Behavioral task
behavioral1
Sample
35437d7e8845630802fc6941490668bb_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
35437d7e8845630802fc6941490668bb_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
35437d7e8845630802fc6941490668bb_JaffaCakes118
Size
53KB
MD5
35437d7e8845630802fc6941490668bb
SHA1
670ea5b2a493ff45ec1f98376149c8d86b6c19cf
SHA256
5a4534355921c227b36004b14ff49d4b5b2328d91d5cec08f2a64b69fed11b2b
SHA512
ed4983f6ae4e572b9b2823ba2952f16d458e73f5ceb067e3b070efeabc8df73ac5bb962d63b34e866c21f6fad163f477cb63a92dac9359a52fa19f7505e13489
SSDEEP
768:8PaTZh91uMWj/oeFgfB1l8Ycn5MHxAnrwG/pOw1RPqy:8CTr91fWjoegdnrH20GBOw1Ey
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 35437d7e8845630802fc6941490668bb_JaffaCakes118
Files
35437d7e8845630802fc6941490668bb_JaffaCakes118.exe windows:5 windows x86 arch:x86
42ba0c8861be4be11cfccb49f2b596b6
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegQueryValueExA
kernel32
GetUserDefaultUILanguage
shlwapi
PathCombineW
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIA
StrCmpNIW
wnsprintfA
wnsprintfW
wvnsprintfA
wvnsprintfW
user32
CloseWindowStation
EndDialog
FindWindowExA
GetForegroundWindow
GetIconInfo
GetKeyState
GetMessageA
GetWindowLongA
SetProcessWindowStation
ToUnicode
Sections
.vedur Size: 43KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qzatch Size: 2KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pwf Size: 6KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ