d41bd0a4777bbe4b5707e69fa6c3dd83_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d41bd0a4777bbe4b5707e69fa6c3dd83_JaffaCakes118
Size

473KB
MD5

d41bd0a4777bbe4b5707e69fa6c3dd83
SHA1

c4277c3ef3afc70a5a12af0789c9235430e21f81
SHA256

70055802a91f4ab02f950c591c9a7939bf1934768f696c17904f84582c4bda19
SHA512

fde5025c3a178e799f4404b0fdf9ea9d19dbd7314cff39fd88ff0d9763d431c11629ad57a81cc2f114cf63c489b6cff69bfc16ada82f6b191b81ac8cd17ed5f4
SSDEEP

6144:m5TCnL5VqTPJkzOTfdKSzMNPMdw15CgGcb2i3oPVefyVz2Stk3/o:m5SL2ezOTf3MTWgGu4aS2StkPo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d41bd0a4777bbe4b5707e69fa6c3dd83_JaffaCakes118

Files

d41bd0a4777bbe4b5707e69fa6c3dd83_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8404f6f8a6aa3be40afea968f26eb24b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
CryptCreateHash
RegQueryValueExA
RegDeleteValueA
CryptReleaseContext
CryptGetHashParam
RegCloseKey

shlwapi

StrStrW
wnsprintfW
StrCmpNIA
StrCmpNIW
PathCombineW
wnsprintfA
PathRemoveFileSpecW
SHDeleteKeyA
wvnsprintfA
PathFileExistsW
wvnsprintfW
PathMatchSpecW
PathFindFileNameW

Sections

.rwx
Size: 38KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yzud
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xerot
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ