deac264f819ab03ced463b3df533ffa3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

deac264f819ab03ced463b3df533ffa3_JaffaCakes118
Size

545KB
MD5

deac264f819ab03ced463b3df533ffa3
SHA1

594815769d14c63310531234c8a3416a467624e7
SHA256

5c6678305efd175c1050f5e24c608bb066364ce6d852fdf615b6861ad7189811
SHA512

9d459373f87d987fcb394ca588b8c4af30a1a206867df0ec23b780bc4443d6d028d8ea67d0a88b538d498e276f8ad7a3fd26b50991eba73df76600d0b3b598d6
SSDEEP

12288:RiLoZVrlKXQfEUMUlhkvNL4uJ05KmeynAiyBVmFGLXMP92Gl4U:RiLWV1fBThWL4Gj5ynAiyXmFqCHl4U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
deac264f819ab03ced463b3df533ffa3_JaffaCakes118

Files

deac264f819ab03ced463b3df533ffa3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

84d4a91c7c20c31bfd83394eb2cc6633

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

advapi32

CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptReleaseContext
RegCreateKeyExA
RegEnumKeyExA
RegSetValueExA

shlwapi

PathFileExistsW
PathRemoveFileSpecW
StrCmpNIA
StrCmpNIW
wnsprintfA
wnsprintfW
wvnsprintfA
wvnsprintfW

user32

GetClassNameA
GetCursorPos
GetWindowTextA
LoadCursorA
SetMenuItemInfoW
SetProcessWindowStation
ToUnicode

Sections

.kzkxgb
Size: 42KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kdib
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xyrot
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ