c150794121e521485620f68767b49b65_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c150794121e521485620f68767b49b65_JaffaCakes118
Size

52KB
MD5

c150794121e521485620f68767b49b65
SHA1

7d38ce280c70aa698880b76065953409e5b0fa67
SHA256

3824a19583a4762bf6de10a7f191239c011faafdae36e972c898b2cb7c4714d6
SHA512

602f496af4229e818cd4fffedd9d477b853dc629243174d209f899f2829f1664b7d58969d69694e93c9eaf800a88c6301a31a08434b9ea7e84f741f76ce32365
SSDEEP

768:BYhCERtk0aDhMXPRNYroUpn9syTSC4IDQcJmtTWfhWzcCXJq8kM:BroiWX3YXjx9J6TWfScs8DM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c150794121e521485620f68767b49b65_JaffaCakes118

Files

c150794121e521485620f68767b49b65_JaffaCakes118
.exe windows:5 windows x86 arch:x86

757790fb0ebaf65f2a8010fd2e7396ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptCreateHash

kernel32

CreateProcessW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
SHDeleteKeyA
StrStrW
wnsprintfW
wvnsprintfA
wvnsprintfW

user32

CloseWindowStation
EndDialog
GetClipboardData
GetCursorPos
GetDlgItem
GetIconInfo
GetWindowLongA
GetWindowThreadProcessId
LoadCursorA
PeekMessageA
SendMessageA
ToUnicode

Sections

.fibsn
Size: 42KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zgtel
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tud
Size: 6KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ