d196adcb4edb6e179a742ef9a3449956_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d196adcb4edb6e179a742ef9a3449956_JaffaCakes118
Size

397KB
MD5

d196adcb4edb6e179a742ef9a3449956
SHA1

14b285fde527c33e9d7e2279261fc02a72d285b5
SHA256

e5e16613da272e3049d9e03245b4a2d29b5ce34c7bcf1058fa12223ee2d0dfd2
SHA512

b83f0dd3319bb5169c06e0cfb2a1a3eb9ffd46244d0f19863769213f92fd4d99b572ec8ad46ef6fe0a88ddfee903b11450eb574922b0bd939c6a73c8639837ac
SSDEEP

12288:uo2crs6L8WfVZmMG0If/lDCDUCkVRjn1wvi:/rs6L8KVcMoBq81n2vi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d196adcb4edb6e179a742ef9a3449956_JaffaCakes118

Files

d196adcb4edb6e179a742ef9a3449956_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e848ddf1d0295735fcf82a6d82606706

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
DuplicateTokenEx
CryptCreateHash
RegCloseKey
RegDeleteValueA
CryptGetHashParam
RegQueryValueExA

shlwapi

SHDeleteKeyA
wvnsprintfW
wnsprintfW
wvnsprintfA
StrCmpNIW
PathMatchSpecW
wnsprintfA
PathFindFileNameW
PathFileExistsW
StrStrW
PathRemoveFileSpecW
PathCombineW
StrCmpNIA

Sections

.chsrun
Size: 39KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gvev
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lsroj
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ