b4eaff5bd4a0cd8ae2b6f2cff1193708_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b4eaff5bd4a0cd8ae2b6f2cff1193708_JaffaCakes118
Size

88KB
MD5

b4eaff5bd4a0cd8ae2b6f2cff1193708
SHA1

15314d38701b76cb13561ed46d17ddaddafc20d4
SHA256

5b190b44d06508d36cbfc874db96ac0fe712676e7fbef16ad3d77436add78c41
SHA512

06fb9b0b63cfaa884990d7c5a3adbaf8424ce921bceccf1d72490fad192901a9e5900f0872e42666b4abfbe5bd073ba3d92849aea2a6f26e463aaecb8bc0b1e2
SSDEEP

1536:eoF33eapr8USKus5Sbhcq5CA5xR0XfDnST7Y/VHpRVY4yiLlA0SqYQKm2p:h3upKuLlx0LST7Y9iL0GpLp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4eaff5bd4a0cd8ae2b6f2cff1193708_JaffaCakes118

Files

b4eaff5bd4a0cd8ae2b6f2cff1193708_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f2bb66bf8a9cf364de3b528832229a17

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

advapi32

CryptHashData
DuplicateTokenEx
GetUserNameW
RegEnumKeyExA
RegSetValueExA

shlwapi

PathFileExistsW
SHDeleteKeyA
StrCmpNIA
StrCmpNIW
StrStrW
wnsprintfA

user32

DispatchMessageA
DrawIcon
GetKeyboardState
GetWindowTextA
GetWindowThreadProcessId
LoadCursorA
MsgWaitForMultipleObjects
OpenWindowStationA
PeekMessageA
SetMenuItemInfoW
SetThreadDesktop

Sections

.ybmnid
Size: 45KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.erozwb
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rwzux
Size: 6KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ