efde5c549660f3d176a09e94647a273a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

efde5c549660f3d176a09e94647a273a_JaffaCakes118
Size

46KB
MD5

efde5c549660f3d176a09e94647a273a
SHA1

8ac7d19494ab1b59dab2f854a6fdc2c13aac9b8e
SHA256

63f254bd1004b50a6e5bd34aba115a3ca04a63488e0a831ad443b271f9e05b0e
SHA512

ecf0cf88b6fcd1dff77cb8106fe23e6526dcaf29175a965e823cb3bb1194fbe2b2dc8fe738a1ee0cd64db207145000f5ac4ebbe7c3eb4afc4e10e0f95aedb0d2
SSDEEP

768:8+5kY/ilOlCpVw8XNCAlLuaHxAVK8xI409qjvOwHX5VxeCXSC:8BYalmC7/XNnuaHgxvOwHJVco

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efde5c549660f3d176a09e94647a273a_JaffaCakes118

Files

efde5c549660f3d176a09e94647a273a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7fb856b3ac2ca43b344869ee4dce7302

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
StrCmpNIW
StrCmpNIA
wnsprintfW
PathMatchSpecW
wvnsprintfA
PathCombineW
PathRemoveFileSpecW
wnsprintfA
PathFileExistsW
PathFindFileNameW
StrStrW
wvnsprintfW

advapi32

CryptCreateHash
CryptGetHashParam
RegQueryValueExA
DuplicateTokenEx
RegDeleteValueA
CryptReleaseContext
RegCloseKey

Sections

.nqpor
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bir
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itab
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ