Static task: static1
Behavioral task: behavioral1
  Sample: 873648b41808f554154d25b6ebb6b29e_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 873648b41808f554154d25b6ebb6b29e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
  Target: 873648b41808f554154d25b6ebb6b29e_JaffaCakes118
  Size: 231KB
  MD5: 873648b41808f554154d25b6ebb6b29e
  SHA1: fce97fb7bce4e4afd62bf3c166b5c68d56fd2c39
  SHA256: c96b7613656476a9f6e6af48c487f30701ba0c493ccdb37784f1ca16d663253b
  SHA512: b2701805b3fdb01ad72041d33d2b4c9e5809584462f700b1cceffb2b6a19e6128263aa5d2ab8cfe78c76641118b32ba440173ece61d503d8eb5538bc7a78e426
  SSDEEP: 6144:SEb+q8ObdR5SZ3J/Prvc3ZYDJ2yoUhTz0ig1BGRp:tRtbr5SzPr0p42XUNzY1BW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 873648b41808f554154d25b6ebb6b29e_JaffaCakes118
Files
873648b41808f554154d25b6ebb6b29e_JaffaCakes118.exe windows:4 windows x86 arch:x86
e4f7b30e5d4fa77a618fd0314950867e
Headers
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_32BIT_MACHINE
  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
Imports
advapi32
  CryptDestroyHash
  CryptGetHashParam
  CryptHashData
  RegEnumKeyExA
  RegSetValueExA
kernel32
  InitializeCriticalSection
shlwapi
  PathMatchSpecW
  StrCmpNIA
  StrCmpNIW
  StrStrW
  wnsprintfA
  wvnsprintfA
  wvnsprintfW
user32
  GetDlgItem
  GetForegroundWindow
  GetIconInfo
  GetKeyState
  GetWindowTextA
  MsgWaitForMultipleObjects
  OpenDesktopA
  OpenWindowStationA
  SetThreadDesktop
Sections
.kvyvcf Size: 43KB - Virtual size: 60KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.ktmp Size: 1024B - Virtual size: 8KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.xylcd Size: 5KB - Virtual size: 76KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 4KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ