a70ef1d2998641c69cc5d2808333175d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a70ef1d2998641c69cc5d2808333175d_JaffaCakes118
Size

214KB
MD5

a70ef1d2998641c69cc5d2808333175d
SHA1

b4d672c651dd0d2d6f5173c3b39d281beb16ebfd
SHA256

46ef2857f3cf7af4502e66eff2efeb7a5e9a4c419a80afcbc4c97c8b8766c26c
SHA512

4b41ca4e7af64f8ed4a7b6e37bf27d31f9ef92a50b7dc424dfbf69af2a709e6ab824eb7536ba3b3448b19477a803c454641c724c036d48f184a8d95f91402cc4
SSDEEP

6144:PwokWCwiKmFuN1tTsPeH7SPlVN9ZmCNVnSuawWM:YrWChkN1pWPXDmxM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a70ef1d2998641c69cc5d2808333175d_JaffaCakes118

Files

a70ef1d2998641c69cc5d2808333175d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b62994796c55db9d9d4f988a2a57ad7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrStrW
PathFileExistsW
StrCmpNIA
PathMatchSpecW
StrCmpNIW
wnsprintfW
PathCombineW
SHDeleteKeyA
PathFindFileNameW
wnsprintfA
wvnsprintfW
wvnsprintfA
PathRemoveFileSpecW

advapi32

RegCloseKey
RegQueryValueExA
DuplicateTokenEx
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
RegDeleteValueA

Sections

.qdgtcr
Size: 43KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmb
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hwd
Size: 6KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ