6adf4900bfe9ec072414242d7c90cf2e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6adf4900bfe9ec072414242d7c90cf2e_JaffaCakes118
Size

58KB
MD5

6adf4900bfe9ec072414242d7c90cf2e
SHA1

c690e5fe364d0f17f38d575b3cc86dee007b4b11
SHA256

975b8c091abcd84db149856b0f62178e6cbc70d482eb2caf3f6467c65cc53cfe
SHA512

006f8d008c0de1aa7670e4e9011c57f881c0b111b92d4d007534fca2ed106132cce143fa75a19aff17443c860b9aa41b05a8afe14a95467e4c72d4e1606bf9f6
SSDEEP

1536:P1MRShI558Ce8TMS1laigaghYzWuX5//niLeDFw:QShV5agulViLeDFw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6adf4900bfe9ec072414242d7c90cf2e_JaffaCakes118

Files

6adf4900bfe9ec072414242d7c90cf2e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

45152334062d1bd9c5ff83324cbea43a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenBackupEventLogA
RegConnectRegistryA

kernel32

ReadConsoleA

shlwapi

AssocQueryStringA
PathFileExistsA
PathStripToRootA
SHIsLowMemoryMachine
SHRegCreateUSKeyA
SHRegOpenUSKeyA
SHRegWriteUSValueA
StrIsIntlEqualA
StrToIntExA

user32

CharPrevA
DdeAbandonTransaction
EnumDesktopWindows
GetClassInfoExA
GetMenuCheckMarkDimensions
GetMenuContextHelpId
GetMenuItemID
LoadImageA
SystemParametersInfoA

Sections

.jyrmj
Size: 22KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vof
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yhmrm
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rchy
Size: 25KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ