bd8afe0f8d513a8a82a0db54a38d4234_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bd8afe0f8d513a8a82a0db54a38d4234_JaffaCakes118
Size

49KB
MD5

bd8afe0f8d513a8a82a0db54a38d4234
SHA1

4056c1655ec694f162cf49bfb0da5d67ff180f96
SHA256

c9d55e29476862b8880ada8c0ad2c5881ea64149cc53e8ddacc7941be31d1cb2
SHA512

83ac1a55c821b33e17e10efbefb59b237151b5df275df5286fc494015da883295b22cf72f7b14f7967ff045d2e9e6a66a99f45e38151382ec663b7403fa6da6e
SSDEEP

1536:PropAYiGBMmubYIIsnKAWVW4rrBsAnz2fxD:Pjn1/jKjrrBsA6JD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd8afe0f8d513a8a82a0db54a38d4234_JaffaCakes118

Files

bd8afe0f8d513a8a82a0db54a38d4234_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2e6da472836cc10a6ea6dd99fbdffd9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam

kernel32

HeapReAlloc

shlwapi

PathFileExistsW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIA
StrStrW
wnsprintfA
wvnsprintfW

user32

DispatchMessageA
DrawIcon
GetDlgItem
GetMessageA
GetWindowLongA
GetWindowThreadProcessId
LoadCursorA
OpenDesktopA
OpenWindowStationA
SetProcessWindowStation
ToUnicode

Sections

.zml
Size: 39KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cfyluj
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xot
Size: 6KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ