5efa55516c430782fea3ccc8379ff393_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5efa55516c430782fea3ccc8379ff393_JaffaCakes118
Size

45KB
MD5

5efa55516c430782fea3ccc8379ff393
SHA1

4983ad65b20f62cc6ad7f02a204183d30394d7b9
SHA256

09f1da74afdd1df6a4564cce1a503643b7b5e76ad77cef739a62b9933e2cfb3e
SHA512

d46b1e10564bbd36f18e6b45cb7479d71beb868acf0baa51630dae71da16229dbde1e0a1e72445246f6a061adc78139f07a7a84c7176c27d851f274cb3dce64b
SSDEEP

768:9PLC+3uPfwvEsEZyO5JixU0oQ2U1OaCRPlAaqqKRbCfA3CsVaIUU+78YG9UJrnT+:9DC+3uPIcsEZz4U0B2U0aOtA1jJSsVeM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5efa55516c430782fea3ccc8379ff393_JaffaCakes118

Files

5efa55516c430782fea3ccc8379ff393_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ad74f2aa449c6ff544ff7e84bd06d761

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteValueA
CryptReleaseContext
CryptGetHashParam
DuplicateTokenEx
RegQueryValueExA
CryptCreateHash

shlwapi

PathRemoveFileSpecW
PathMatchSpecW
SHDeleteKeyA
StrCmpNIA
wnsprintfA
wnsprintfW
wvnsprintfW
PathCombineW
wvnsprintfA
PathFileExistsW
StrStrW
StrCmpNIW
PathFindFileNameW

Sections

.qlgr
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rgv
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tcpsx
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ