048e0ba92e07a20119d75619f4bad400_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

048e0ba92e07a20119d75619f4bad400_JaffaCakes118
Size

466KB
MD5

048e0ba92e07a20119d75619f4bad400
SHA1

7d749bf4f4cb2904797de3a68b64b990ced8ddad
SHA256

8d521573c3d159f54f01f2b2b789a65c9905189b1c92e78312c3008c03e706b5
SHA512

389fc0469b7bfd2b968efb0c29c8527a2ed30b66d5bbce98b140f691b196098e13031430311bfddba234bbc2c8159d82423f8759b61feaf60cfa00af52ee9008
SSDEEP

12288:zv5wClCFdL05oyZjObZk7WfOOrPF+ebGcSU:thCgGyNf7WfOO7FFScSU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
048e0ba92e07a20119d75619f4bad400_JaffaCakes118

Files

048e0ba92e07a20119d75619f4bad400_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8f46c6037ac6178d42ccda72e64ad1c3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx

kernel32

GetUserDefaultUILanguage

shlwapi

PathCombineW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIA
StrCmpNIW
StrStrW
wnsprintfA
wvnsprintfW

user32

DispatchMessageA
GetClassNameA
GetDlgItem
GetForegroundWindow
GetIconInfo
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetProcessWindowStation
SetThreadDesktop

Sections

.ncfgj
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fwjun
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bad
Size: 6KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ