b1e41e2449162291ce26f78f7dd9703c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1e41e2449162291ce26f78f7dd9703c_JaffaCakes118
Size

51KB
MD5

b1e41e2449162291ce26f78f7dd9703c
SHA1

85669d385ef718801cbb7e0ed4ab05d9eca9b6d6
SHA256

4dbe95a2b368d435d52864314f79a6fbe381329e5a147743dfbbd9eeb68ee1b0
SHA512

9c69b29a94c8e65fc0046ed628d8dc4207aa9426b7dbf2a7f2ae004c79b64ff902a52240e92fcb7b93483756220b72bdc35ab84af2ac2f5128b9908d16d03a15
SSDEEP

768:GrRvgdll32gE8Vyk2HGsBK40QijzUQtFwzO+YiNz95yGCxNBd5l05N0ulWQjMYXz:GVgoe8lijzclH5yGC/B7WDlMQjMYwq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1e41e2449162291ce26f78f7dd9703c_JaffaCakes118

Files

b1e41e2449162291ce26f78f7dd9703c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fa87b963337fe33e4344601a1b3f1010

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

advapi32

CryptAcquireContextW
CryptDestroyHash
CryptHashData
RegCreateKeyExA
RegSetValueExA

shlwapi

PathCombineW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIW
wnsprintfW
wvnsprintfW

user32

CharLowerBuffA
GetClassNameA
GetClipboardData
GetKeyboardState
GetKeyState
GetMenuItemID
GetWindowTextA
OpenWindowStationA
PeekMessageA
SetProcessWindowStation

Sections

.bwx
Size: 42KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.klincz
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qber
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ