4aa6da5e850ea7c511c607cf2e9adda8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4aa6da5e850ea7c511c607cf2e9adda8_JaffaCakes118
Size

46KB
MD5

4aa6da5e850ea7c511c607cf2e9adda8
SHA1

6f65df01af13638d7ff8d0fa8938a8da78be73c2
SHA256

7cb87596ead8abb417af9a3169066eda4ec9ceb0ca919193811900bb77efed4a
SHA512

2c3d4188b0571fd58de53640f90f5fbb8da7917f8128c597e126cb7b447ccf86f38c42325d44599fe12f00534a9efe4441ba3ddbd6e8d202114e9f1197745690
SSDEEP

768:AqNtdnBS51DBB07Q+7HW77NjlrURQJr90WLGvzrtto4lYEh:blnsjrN+qQQFK7r/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4aa6da5e850ea7c511c607cf2e9adda8_JaffaCakes118

Files

4aa6da5e850ea7c511c607cf2e9adda8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e5089ce1ac990a856a031764ecf9fe9b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
CryptGetHashParam
RegDeleteValueA
RegQueryValueExA
CryptCreateHash
CryptReleaseContext
DuplicateTokenEx

shlwapi

PathFindFileNameW
PathMatchSpecW
PathCombineW
SHDeleteKeyA
StrCmpNIA
StrCmpNIW
wvnsprintfW
wnsprintfA
wvnsprintfA
PathRemoveFileSpecW
wnsprintfW
StrStrW
PathFileExistsW

Sections

.whsz
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zcfmp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vyd
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ