48b168a458c9c39e440db615f61d89a5_JaffaCakes118 | Triage

Sharing

General

Target

48b168a458c9c39e440db615f61d89a5_JaffaCakes118
Size

48KB
MD5

48b168a458c9c39e440db615f61d89a5
SHA1

90d4ff5c21916aa9b1ffcf389c3e566b901de2b2
SHA256

27a4246febff2bf625563f6500835a224acfd598209799e15707abb601395c92
SHA512

14df7ef7849b505d3b73fa24b03a60a2e28fd72e38d1ef28107b68d78952157241f903432badd3c9de72dee181318d5702a605cbe200d12e5d78f2bf24c0b349
SSDEEP

768:Ef8Q+tIiu8YoNdCegTAxbLdEptylOi+R0R3QjyrHXQ75avGwN/0:EfotIiHYo7ECvdnOi+R0R3zn90

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48b168a458c9c39e440db615f61d89a5_JaffaCakes118

Files

48b168a458c9c39e440db615f61d89a5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7630640610cf8fa015202ef75a25a8de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
DuplicateTokenEx
RegQueryValueExA
RegCloseKey
CryptReleaseContext
CryptCreateHash
RegDeleteValueA

shlwapi

PathFileExistsW
StrCmpNIA
StrStrW
wnsprintfW
wnsprintfA
PathFindFileNameW
wvnsprintfW
PathCombineW
wvnsprintfA
SHDeleteKeyA
StrCmpNIW
PathRemoveFileSpecW
PathMatchSpecW

Sections

.dgz
Size: 39KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hwhaz
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.telur
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ