b63114e2d6607ffaaebd3dbeba236e98_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b63114e2d6607ffaaebd3dbeba236e98_JaffaCakes118
Size

623KB
MD5

b63114e2d6607ffaaebd3dbeba236e98
SHA1

b757debc5fc176db78f010bc9fc4c7cee601cddd
SHA256

00a6de103a7db303309676fb1b4b802a5940c643b6d866535e99ba77977138a4
SHA512

a22fbfb2267a8b7569d38fd9b35a9ad01e2bb9760a4710babb7cfb0acb2752cc04b5ee84abc0391671f900d4bb465a66b7e236f4b51beca717a9a556fc924be5
SSDEEP

12288:m5SLGOs4KVsJd7iS4b4gwOShzk6f7JkZlU1UL3IJBdCqVHT+R9kdbzEWNf748h+T:UiGbWO4zk6T2A1UbIlCmfEWh748K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b63114e2d6607ffaaebd3dbeba236e98_JaffaCakes118

Files

b63114e2d6607ffaaebd3dbeba236e98_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8404f6f8a6aa3be40afea968f26eb24b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
CryptCreateHash
RegQueryValueExA
RegDeleteValueA
CryptReleaseContext
CryptGetHashParam
RegCloseKey

shlwapi

StrStrW
wnsprintfW
StrCmpNIA
StrCmpNIW
PathCombineW
wnsprintfA
PathRemoveFileSpecW
SHDeleteKeyA
wvnsprintfA
PathFileExistsW
wvnsprintfW
PathMatchSpecW
PathFindFileNameW

Sections

.rwx
Size: 38KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yzud
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xerot
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ