97488bcf9e8adf3ea36703a5867b450c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

97488bcf9e8adf3ea36703a5867b450c_JaffaCakes118
Size

46KB
MD5

97488bcf9e8adf3ea36703a5867b450c
SHA1

5d91bcba43d39aca0c63d0ea2f0e1a27114ed582
SHA256

c48b68b3a4a0453175e8dedb1a0d10a2c40498025fe94467f661f1ab7928bd4b
SHA512

bd77e28f70795272344f20c08088132f7a265a369c9c03d2b3dc3e2920e82565f81b213238b5c5da94a0e79f199cd5c5de5b34e29509bf81ee9b3f245cc5a13d
SSDEEP

768:AhyM/TAVcLqnfzwYG741nO+djU8k235msQeuMhNZhbZAiAWVxueVSYseZDokQNZ4:AJThMEUk+dx5NQeVSNeZERLrGR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
97488bcf9e8adf3ea36703a5867b450c_JaffaCakes118

Files

97488bcf9e8adf3ea36703a5867b450c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

14773151f87fe49ac6f8c7ab3c5e4dab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
DuplicateTokenEx
RegDeleteValueA
CryptGetHashParam
RegCloseKey
CryptCreateHash
RegQueryValueExA

shlwapi

StrCmpNIW
StrCmpNIA
PathRemoveFileSpecW
wnsprintfW
PathCombineW
PathFileExistsW
wnsprintfA
SHDeleteKeyA
PathMatchSpecW
wvnsprintfW
wvnsprintfA
StrStrW
PathFindFileNameW

Sections

.wtmlez
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fgp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uxazif
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ