eaf39376656cf46d6bbc6f3fd52477d7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

eaf39376656cf46d6bbc6f3fd52477d7_JaffaCakes118
Size

46KB
MD5

eaf39376656cf46d6bbc6f3fd52477d7
SHA1

13449900d6d93808552ef533d10ddc2928c2a362
SHA256

9b2e9849ba617c353eac97a940834a07565b41ecf7baf78db60925a853a8edd7
SHA512

b1c50c45c8bb75f4a6050d1d737bec35b7361a4da22d50cdd418ac1ea387cd03d10d980e018d656e9aef00488fa04a56996ab75493433a36e12f1ca1d866515e
SSDEEP

768:GAtHNP+Mvl5erp57aQApk8vUCx2ufAq9bCFwvIf5D9lKkWlkfdOaT2i9DmmnMB1j:SMvUlMrUCxvR9bmwgZTKxQT2qmmn0w0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eaf39376656cf46d6bbc6f3fd52477d7_JaffaCakes118

Files

eaf39376656cf46d6bbc6f3fd52477d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fc0e16f202fb78631823ecf2d694322c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
StrStrW
wvnsprintfA
wvnsprintfW
PathMatchSpecW
SHDeleteKeyA
StrCmpNIW
wnsprintfW
StrCmpNIA
PathCombineW
PathFileExistsW
PathFindFileNameW
wnsprintfA

advapi32

CryptReleaseContext
DuplicateTokenEx
RegQueryValueExA
RegDeleteValueA
RegCloseKey
CryptGetHashParam
CryptCreateHash

Sections

.srmt
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qfwr
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.yhkh
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ