d0d72c3ae89d810fe551c42ded05ecd8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0d72c3ae89d810fe551c42ded05ecd8_JaffaCakes118
Size

46KB
MD5

d0d72c3ae89d810fe551c42ded05ecd8
SHA1

6faa305c385fd05dc60de5079a56075aaac084ef
SHA256

7f41a8b49bf27c8ecd56b7e3400131461f9f5702ea1fa6753d7aa1fd0b3df5e5
SHA512

d6a680adb8168720f62100eea984a572d1d8623e2d3eb6c0a5bf5f30a8b8c9fbe6d780aad3919e2b9236b9c58ece53e67f4daa6b1458b7a520e3572d34b9d1fd
SSDEEP

768:RbIbA1v0YH3SZ2uvWwrODAil+6l9zhCDi5e5N5/+Xoz1ba6vMI0OpY38:YMMzfS0il+69zui5e5nxbCI06b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0d72c3ae89d810fe551c42ded05ecd8_JaffaCakes118

Files

d0d72c3ae89d810fe551c42ded05ecd8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8e04d07ff9d3782fb7d38768b9729890

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
wnsprintfW
StrStrW
PathFileExistsW
SHDeleteKeyA
wvnsprintfW
StrCmpNIA
PathMatchSpecW
StrCmpNIW
PathRemoveFileSpecW
wnsprintfA
wvnsprintfA
PathCombineW

advapi32

RegCloseKey
CryptGetHashParam
CryptReleaseContext
RegDeleteValueA
CryptCreateHash
DuplicateTokenEx
RegQueryValueExA

Sections

.fszwh
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdkl
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xchex
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ