dcfbbaa3727f8e77e8e366f0414de561_JaffaCakes118 | Triage

Sharing

General

Target

dcfbbaa3727f8e77e8e366f0414de561_JaffaCakes118
Size

45KB
MD5

dcfbbaa3727f8e77e8e366f0414de561
SHA1

6893b51c9b2f3257870bfd3ff2e5057910fcf321
SHA256

ad15ad1d73086fe079d54f71af1b27d7305f06445b3477bb48cc84dbdd3d42ee
SHA512

4f19896512f3f0c3160ed9e20053614058318f853da46336851f0958a28484e10d876c386f57ba60a976867762444e8572e4f8b2d7184ab403fe2f65aa9b36d4
SSDEEP

768:dJ6rtnrPoNOgSXCTx0gQUCUqm++YqXPsSPhnZxSf5cZ7HVgS7GAs:2rtnrPoMMqACMZpZYy71gS7GA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcfbbaa3727f8e77e8e366f0414de561_JaffaCakes118

Files

dcfbbaa3727f8e77e8e366f0414de561_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d31c89a7e692a45d6dabb122e5813fce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
DuplicateTokenEx
CryptCreateHash
RegQueryValueExA
RegCloseKey
CryptReleaseContext
CryptGetHashParam

shlwapi

PathFileExistsW
wnsprintfA
StrCmpNIA
wvnsprintfW
PathRemoveFileSpecW
PathFindFileNameW
PathMatchSpecW
SHDeleteKeyA
PathCombineW
wvnsprintfA
wnsprintfW
StrCmpNIW
StrStrW

Sections

.hkt
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jwh
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rcz
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ