bf3579cda81236758edd296c93d0339b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf3579cda81236758edd296c93d0339b_JaffaCakes118
Size

180KB
MD5

bf3579cda81236758edd296c93d0339b
SHA1

747b1554129dcc9015e6f26a89bd354b60313640
SHA256

b9e0ee302ca95c5db1573032d483fbeb0e63423501f600fe0c9fa1699969ac01
SHA512

8b356c306af6845839da450f5139b65fbffae9c0c8b35536f28bdcc8904215dcdb5b3da903c5f6ddea2b587aa91e213d07681f3019cfd2b5cdf7214cc9e95043
SSDEEP

3072:oSiC2TrTNRuPj0RYARPKby1ZGHrWtrv/17s/IJkqcncAv+rayNyx9m1i+8u:oIWTbuPjaYPymShv/G/I3AKHNy28u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf3579cda81236758edd296c93d0339b_JaffaCakes118

Files

bf3579cda81236758edd296c93d0339b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

80843e2647d4e0eba33a5723c97c8fee

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

advapi32

CryptAcquireContextW
CryptDestroyHash
CryptHashData
GetUserNameW
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA

kernel32

InitializeCriticalSection

shlwapi

PathCombineW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
StrCmpNIW
wvnsprintfW

user32

CharLowerBuffA
DispatchMessageA
EndDialog
GetIconInfo
GetMessageA
GetWindowLongA
LoadCursorA
PeekMessageA

Sections

.rcdub
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mjch
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vsdux
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ