5f510b03242c24351357f92422201c74_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f510b03242c24351357f92422201c74_JaffaCakes118
Size

51KB
MD5

5f510b03242c24351357f92422201c74
SHA1

09204b4623d43685af9a1c9bf2acec797a01bf11
SHA256

eb5227c14ccfd18089644f8b48f6bdf1a6c7afdcd4ee04827c034a0570e198e7
SHA512

0ef72358f2066c3076d0837edd8a3a9c85d348edcf8c6ac3f6139cd1d8dfd4575454aeaf5cd91ab32c26f17373f5ad1933cf3bb7d90d96497012f3c3ac46aba7
SSDEEP

1536:S60IuYzJRkQpNj6wEExdb0pmnrqRgrDiZ:1hzJyWewEEx5Gmn2KC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f510b03242c24351357f92422201c74_JaffaCakes118

Files

5f510b03242c24351357f92422201c74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a718e7e2b6b05f602fa180ab0fb38045

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

advapi32

CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptReleaseContext
GetUserNameW
RegEnumKeyExA

kernel32

InitializeCriticalSection

shlwapi

PathFindFileNameW
PathMatchSpecW
StrCmpNIA
StrStrW
wnsprintfA

user32

CharLowerBuffA
EndDialog
ExitWindowsEx
GetClassNameA
GetClipboardData
GetDlgItemTextA
GetIconInfo
GetMessageA
MsgWaitForMultipleObjects
SetProcessWindowStation

Sections

.gpup
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yjytqb
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.forwn
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ