d5a75c535b33fc09f1ab6e181d59fc84_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5a75c535b33fc09f1ab6e181d59fc84_JaffaCakes118
Size

864KB
MD5

d5a75c535b33fc09f1ab6e181d59fc84
SHA1

1bb498f25c5fd444df3b93ee5d1bb36eccc1b233
SHA256

6df7d6483269d2f01ad85e0e09920fbec75684d5ccf9b34c516a3105f3536f29
SHA512

582ced9565a6eb8586c1518fa894bdf679637e9cc45adfec1401659934d9810861d24abae3471d25d8333613fb98e6f303eb7692e08f5134bdd148191f70b979
SSDEEP

12288:xb6APcoSWb6APcoSc9cHO8smvBP8Ahug/U/Li4bywKwxry/F2mUAV7mJ:xbTPhbTPCO8z3aLiCy2xO/F29Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5a75c535b33fc09f1ab6e181d59fc84_JaffaCakes118

Files

d5a75c535b33fc09f1ab6e181d59fc84_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b33dcd798ce4958e92d4b07254a8006c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextW
CryptDestroyHash
CryptHashData
GetUserNameW
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA

kernel32

InitializeCriticalSection

shlwapi

PathFileExistsW
PathFindFileNameW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
wnsprintfA

user32

EndDialog
GetCursorPos
GetMessageA
GetWindowLongA
LoadCursorA
MsgWaitForMultipleObjects
OpenDesktopA

Sections

.wpin
Size: 43KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wzyt
Size: 1024B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fip
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ