b0d01c51c570f69ec861f485f1592bbd_JaffaCakes118 | Triage

Sharing

General

Target

b0d01c51c570f69ec861f485f1592bbd_JaffaCakes118
Size

679KB
MD5

b0d01c51c570f69ec861f485f1592bbd
SHA1

fa468f728fc71771a813c502b2998bda2b54cf07
SHA256

89aab84ce15140c36b83ca36289247c971044a50d60cd7407bbf26d7fe0f3930
SHA512

78271dc2c533ac1826672fd1e35cec353245e863d7ac353c1155e564ddc28268eeed351808462a79d35564d26a7bdd7fbbaa58f1ca1c369c05bb380a6297da22
SSDEEP

12288:o3uEAaSsFxglyjraKvMfMcZc4xE5Df64DROELf5F5xHc2gL/VAnZNx8XqVopf:sTxeivMkIm5b64cELBRcNhAnVkZ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0d01c51c570f69ec861f485f1592bbd_JaffaCakes118

Files

b0d01c51c570f69ec861f485f1592bbd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

da038cc99db680bf3eb78f03393681c2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfW
StrCmpNIA
wvnsprintfA
wnsprintfW
PathCombineW
PathFindFileNameW
PathMatchSpecW
wnsprintfA
SHDeleteKeyA
PathFileExistsW
StrCmpNIW
PathRemoveFileSpecW
StrStrW

advapi32

RegQueryValueExA
CryptReleaseContext
RegCloseKey
RegDeleteValueA
CryptCreateHash
CryptGetHashParam
DuplicateTokenEx

Sections

.ktejkd
Size: 39KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dupip
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ahyj
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ