d4bfbb247f44aa49f41b79392345aa45_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4bfbb247f44aa49f41b79392345aa45_JaffaCakes118
Size

51KB
MD5

d4bfbb247f44aa49f41b79392345aa45
SHA1

bbddc117c400e4650796a72ff734741740bb475a
SHA256

5767dc915b1650db64d3e2250060dac1fdde9c5cf73ef8bc306207ff4583909a
SHA512

bde023be259477939e54f8b4582a3ca32fdc098e20354c3d6f722475bd26c9587aabf7c677aacde87a8ca59b09699ef1dff4705ca02ebcb5c382ccadaa6f265c
SSDEEP

1536:qbdhht1x8IFTr5mRgDKC22rE98IxnIpsCONao:qb3dmaDCmEwaCeao

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4bfbb247f44aa49f41b79392345aa45_JaffaCakes118

Files

d4bfbb247f44aa49f41b79392345aa45_JaffaCakes118
.exe windows:5 windows x86 arch:x86

584939a335bcc9a1cc97df6066e139a4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

advapi32

CryptAcquireContextW
CryptDestroyHash
CryptHashData
GetUserNameW
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA

shlwapi

PathMatchSpecW
PathRemoveFileSpecW
StrCmpNIA
StrStrW
wnsprintfA
wnsprintfW
wvnsprintfW

user32

CloseWindowStation
DispatchMessageA
GetClassNameA
GetDlgItem
GetIconInfo
GetMenuItemID
GetWindowTextA
MsgWaitForMultipleObjects

Sections

.ihktit
Size: 42KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bitqn
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xopud
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ