b1298011958f81d0a51802c62298406d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1298011958f81d0a51802c62298406d_JaffaCakes118
Size

48KB
MD5

b1298011958f81d0a51802c62298406d
SHA1

22826a8fa4907c79c7846f8df2781f47974deca9
SHA256

cb9d66cc18a2cc1ce988c41777b86bdf2c46793c4bd7b72ac77827e02a88115b
SHA512

1b51f021dca2d6de3b8a2b54f44685fead39bec546095e71433663a8dcdc15a18b34285b54c2102c85224ca57c5c099bac864146e6a00f43a53f974da26c18b1
SSDEEP

768:vCFfHeh6733QAuWCQvqdUEefoTmLoiytBsqM2P8z++uyQo6Yb+/VZGfp:w+h673NuZZdU9wTSkqqMzbjQo6YCZi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1298011958f81d0a51802c62298406d_JaffaCakes118

Files

b1298011958f81d0a51802c62298406d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c03d6c8f5325761f0635b3bf47569a8e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
CryptGetHashParam
RegDeleteValueA
CryptReleaseContext
DuplicateTokenEx
RegQueryValueExA
CryptCreateHash

shlwapi

StrCmpNIA
wvnsprintfW
PathFileExistsW
wvnsprintfA
wnsprintfW
PathCombineW
wnsprintfA
PathRemoveFileSpecW
PathMatchSpecW
StrStrW
SHDeleteKeyA
PathFindFileNameW
StrCmpNIW

Sections

.rghwt
Size: 39KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gbwz
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wxon
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ