8c58dbb8e9286ac785496e92948f2868_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c58dbb8e9286ac785496e92948f2868_JaffaCakes118
Size

451KB
MD5

8c58dbb8e9286ac785496e92948f2868
SHA1

fc9e8ab72c22410fcb03e84fa29e531655cbbfa3
SHA256

7264b2058498dca9e727c50ff692b8248f93bdc8fd639cc76a2db4a3adc1e729
SHA512

f5aed5610eb6276a37ec831058f0b429e3c48eaeea05ea4b523981b75acc6db0439a9d055509614b81638d3021ee36882745221d30b32903c3248a546b5b974f
SSDEEP

12288:/rg4W8Jl42zNMeIFwPYhWkkTaD4BandUSP1:/rgX8JH5IFwPYhWk1DjJ1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c58dbb8e9286ac785496e92948f2868_JaffaCakes118

Files

8c58dbb8e9286ac785496e92948f2868_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9bd7811dfb4dd4fe5e0e1989db3c5427

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext

kernel32

GetModuleFileNameA

shlwapi

PathCombineW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIA
wnsprintfA
wnsprintfW
wvnsprintfA

user32

CharLowerBuffA
CloseWindowStation
ExitWindowsEx
FindWindowExA
GetClassNameA
GetClipboardData
GetDlgItem
GetDlgItemTextA
GetMessageA
GetWindowThreadProcessId
ToUnicode

Sections

.hixah
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.knst
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tof
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ