b3b4d1d0046279b1e7cadad63adfe567_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3b4d1d0046279b1e7cadad63adfe567_JaffaCakes118
Size

927KB
MD5

b3b4d1d0046279b1e7cadad63adfe567
SHA1

b68d2752cd326b63802bc991be3d3230b54ed3bd
SHA256

12df3166ccc1941d9411ee4072a8d50045c5e4750e7ec0589252296b4e6c3189
SHA512

e26752cdaba85c9fdb439b8b142b6e37060984d2b3abfa69c81d4087aca3a61d34895a5ef4998852e4e8daa465037bc22b6b553add135e24f0aa81837df8355b
SSDEEP

24576:g9lL7uE5fE4/hnLS7kcXd6wOUitsqwLkZfh:gbL7JnC2jZp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3b4d1d0046279b1e7cadad63adfe567_JaffaCakes118

Files

b3b4d1d0046279b1e7cadad63adfe567_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e8d8f89a2095ae706fb5a85eef8a5d9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA
DuplicateTokenEx
CryptReleaseContext
CryptCreateHash
RegCloseKey
RegDeleteValueA
CryptGetHashParam

shlwapi

StrCmpNIW
wnsprintfW
SHDeleteKeyA
PathFileExistsW
wvnsprintfA
PathRemoveFileSpecW
wvnsprintfW
StrStrW
StrCmpNIA
PathMatchSpecW
wnsprintfA
PathCombineW
PathFindFileNameW

Sections

.xsf
Size: 39KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nqx
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wrab
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ