8cf40da3f45041aee570c063eba474f9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8cf40da3f45041aee570c063eba474f9_JaffaCakes118
Size

46KB
MD5

8cf40da3f45041aee570c063eba474f9
SHA1

e8915a26c864144223a6e618e590edd5eed8860c
SHA256

08856acf98a5543e490df8091607b08fbc6d134a0ba86b459a150204740a70ed
SHA512

aeb5cf064bad8f37c39c36767adb18c8d3cbf39810bc1f3ab434212b1af1077052b3f4248b9acffb853c9d8b75ad29025117de045ad7f1eea23c7fb666d90857
SSDEEP

768:2wCDiYqBCwANALxN8U5Wclco4uOriUGY+cXQXVzBq3Sk+aYRZW5rfUUIq:2wciYKCvALyImri5cXOVzBUSk+aYvqU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cf40da3f45041aee570c063eba474f9_JaffaCakes118

Files

8cf40da3f45041aee570c063eba474f9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7d56c99ba9212484f0912e0c046c1b07

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegQueryValueExA
CryptReleaseContext
CryptGetHashParam
DuplicateTokenEx
RegCloseKey
CryptCreateHash

shlwapi

wvnsprintfA
PathFileExistsW
StrStrW
PathCombineW
wnsprintfW
SHDeleteKeyA
PathMatchSpecW
wvnsprintfW
StrCmpNIA
wnsprintfA
PathRemoveFileSpecW
StrCmpNIW
PathFindFileNameW

Sections

.lyp
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ulur
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qfoneb
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ