b5869b3a37d886d0502e7fd92e04d4fd_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b5869b3a37d886d0502e7fd92e04d4fd_JaffaCakes118
Size

46KB
MD5

b5869b3a37d886d0502e7fd92e04d4fd
SHA1

4b9e8b80d5643351be4f6d34c6fe215787d4f616
SHA256

6404a07b78a0a917259e7da38bce0afdc830e9188fe0c2641f249898d4fac717
SHA512

6b8a6b7ed7fefba35783b2933f2a0fdb8b7bd4a251d9f9cd79f46e7a0b8bc1bfcd502dd390142dc9a061cb0002aa5051e41dab6f43d4f5d874e7729e7eba3d4b
SSDEEP

768:ISQO9wyRXTB0vVpnXj+hSz3SQXabwQd2tHY77p2PtNrUCz1x0m5qmZIVVYcvr01z:d3X0rXqhSzCsabwQAHYmtNrbzhq6cvr0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5869b3a37d886d0502e7fd92e04d4fd_JaffaCakes118

Files

b5869b3a37d886d0502e7fd92e04d4fd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

89c8ed66e9a50882e0295c6eb1343530

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
CryptGetHashParam
CryptCreateHash
CryptReleaseContext
RegDeleteValueA
RegQueryValueExA
RegCloseKey
GetUserNameW

shlwapi

wnsprintfW
PathMatchSpecW
PathFindFileNameW
PathRemoveFileSpecW
StrCmpNIA
StrCmpNIW
PathCombineW
wnsprintfA
wvnsprintfW
SHDeleteKeyA
StrStrW
wvnsprintfA

Sections

.mfgbmj
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rid
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mbgx
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ