d9bb956e247d592ed535211395a1dc47_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d9bb956e247d592ed535211395a1dc47_JaffaCakes118
Size

46KB
MD5

d9bb956e247d592ed535211395a1dc47
SHA1

a3feb864f14b6aad9c6eef1af99846a20d763cf7
SHA256

2cb76c7656b200c682cd200ed7960161504413c46d6aca3b83f0661d1553e67e
SHA512

12a076f78bea76080ce4fa5b5fa48ac6e3207a7a6841bff8cb38bab2026322abc719169f7cc5a0b3a1d84da45abcc453fe180179a65ea88a379bdd697c2a4e94
SSDEEP

768:Kynf4B2D8kifaj9XpH/9K9Y36a8TAxu/Rx6wpcrcMaYjNjIKEL:PbDxTd/9K9Y3sT4u5R5hYj2X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9bb956e247d592ed535211395a1dc47_JaffaCakes118

Files

d9bb956e247d592ed535211395a1dc47_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ad4f619f5e334aa1d16c460246da68b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
RegQueryValueExA
RegDeleteValueA
RegCloseKey
CryptCreateHash
CryptGetHashParam
DuplicateTokenEx

shlwapi

wvnsprintfA
PathMatchSpecW
PathFindFileNameW
SHDeleteKeyA
PathRemoveFileSpecW
PathCombineW
wvnsprintfW
StrStrW
StrCmpNIW
wnsprintfW
PathFileExistsW
StrCmpNIA
wnsprintfA

Sections

.nmv
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bql
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cvux
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ