83fa6de083de960b049d7528ae96326f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

83fa6de083de960b049d7528ae96326f_JaffaCakes118
Size

320KB
MD5

83fa6de083de960b049d7528ae96326f
SHA1

77e0e0ff3fb85b1e3fcf7dfcede2e092c1f8075c
SHA256

cc7f62266b586fbc39a1db6b2fa813fa2d00df6bf6e7e404045cabc5f0bc59f1
SHA512

4d057fd8559d21fd75c74c5b21651f8fc9b418c18a77e32df5ced58a40e0fa4d38dc99f2d3afbff56442cb49649708c96f78b63985214a0132082181ee7abcd3
SSDEEP

6144:v7CRsAwK04qgWPHmNr/whEPhfk4DXh85nt9ZvXlnY62+zUHhU1:TVA1qk/whEp8EintvvlYl+IBU1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83fa6de083de960b049d7528ae96326f_JaffaCakes118

Files

83fa6de083de960b049d7528ae96326f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0af76e68f15fbbd59dae105dd616da3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfA
StrCmpNIA
PathCombineW
PathFindFileNameW
PathMatchSpecW
wnsprintfA
PathRemoveFileSpecW
wnsprintfW
PathFileExistsW
StrCmpNIW
SHDeleteKeyA
StrStrW
wvnsprintfW

advapi32

CryptCreateHash
CryptGetHashParam
CryptReleaseContext
RegDeleteValueA
RegQueryValueExA
DuplicateTokenEx
RegCloseKey

Sections

.jst
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bmfaj
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lidut
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ