004ffb118c61db2758c6ad2d698bb396_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

004ffb118c61db2758c6ad2d698bb396_JaffaCakes118
Size

255KB
MD5

004ffb118c61db2758c6ad2d698bb396
SHA1

b64366b6f493c0f4c3d1014fce96f24f0d40866c
SHA256

629380002b88f8a0aae46164f008fd271b8dcff585bd8a49370495c10cbab78d
SHA512

560931dec6e1e1f838ecf22dcc31cc6188c73382293542f93b4b8d336e08c21367f4d2ac8a3bce9810ffd84f62721379df21c99ea9e2db863921054a6399b362
SSDEEP

6144:nB16uwg1nsqdIkvrCUIADP0oRVbYQlcHQg1cdttOC:nZsqzHIDoRuQlcHQ5dttOC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
004ffb118c61db2758c6ad2d698bb396_JaffaCakes118

Files

004ffb118c61db2758c6ad2d698bb396_JaffaCakes118
.exe windows:5 windows x86 arch:x86

afdbb4a7eff8febde283201b9e39e03f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptCreateHash

kernel32

ReleaseMutex

shlwapi

PathCombineW
PathFileExistsW
PathFindFileNameW
SHDeleteKeyA
StrCmpNIW
StrStrW
wvnsprintfA
wvnsprintfW

user32

CharLowerBuffA
CloseWindowStation
DispatchMessageA
EndDialog
ExitWindowsEx
GetClassNameA
GetCursorPos
GetMessageA
GetWindowThreadProcessId
OpenDesktopA
ToUnicode

Sections

.gletsb
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uhkb
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tgj
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ