4af0d25fffa5b151e3b798158766d27b_JaffaCakes118 | Triage

Sharing

General

Target

4af0d25fffa5b151e3b798158766d27b_JaffaCakes118
Size

48KB
MD5

4af0d25fffa5b151e3b798158766d27b
SHA1

7cbd607d43f83b107e09b3b1eb2280943047513f
SHA256

317d1d3d7be15bac89d07bbf7d69737d9b0c2b99587e8c6297120a97b15c8674
SHA512

ff4c73fb27f9379ad67d9733e28fba9e8d19835b9fadf2f719d6d0492868a82548474e0ba12e3dca4d4f03ab9e80bd4276807879a5d0c1330ed03da66f54bf97
SSDEEP

768:I7DkFjHdOIRIFX81WsGa1Vdsw1XIIxBnF8RLwAt2xqZf+8j6RIoJJeNwX+Ao9/Dz:I7coIRIFqWJCdYEBnFqUAuwG3wAoNP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4af0d25fffa5b151e3b798158766d27b_JaffaCakes118

Files

4af0d25fffa5b151e3b798158766d27b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e40efb697833ed5f67b86d62a8561e18

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDestroyHash
RegEnumKeyExA
CryptCreateHash
RegCloseKey
RegDeleteValueA
CryptAcquireContextW
RegCreateKeyExA
CryptHashData
CryptReleaseContext

shlwapi

PathRemoveFileSpecW
PathCombineW
PathMatchSpecW
wvnsprintfA
wnsprintfW
SHDeleteKeyA
wvnsprintfW
StrCmpNIA
PathFindFileNameW
wnsprintfA
StrCmpNIW

kernel32

FindNextFileW

Sections

.vmx
Size: 39KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tshmb
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fin
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ