f00e3cf0bb84d92b40d5e519292ca549_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f00e3cf0bb84d92b40d5e519292ca549_JaffaCakes118
Size

50KB
MD5

f00e3cf0bb84d92b40d5e519292ca549
SHA1

3a2e333c1da69ba5465a0d88dd4cba857dad57f5
SHA256

5f577aa78338e1a1c4192efd73f0043441e746131b2c6bf1895c17054479b297
SHA512

e9232b22c14aa9e60dcc1d175ee87baa2e62a7426784e2e7b283e405999ccb03867a6b37417685cc736d9dbca80306e9922a19439f3d4a589a43d8d593cf5cb7
SSDEEP

768:I74T3yB99ZbL6E+m48XdPIjSl59G0XZbnl/WqrVlnVTbzXLeuyMv:IiiB99B+A4FE3FVxlrguJv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f00e3cf0bb84d92b40d5e519292ca549_JaffaCakes118

Files

f00e3cf0bb84d92b40d5e519292ca549_JaffaCakes118
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

21a065a20abbf43472b24783a3652159

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx

kernel32

GetFileSizeEx

shlwapi

PathFileExistsW
PathFindFileNameW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIW
wnsprintfW
wvnsprintfA

user32

CloseDesktop
CloseWindowStation
DispatchMessageA
ExitWindowsEx
GetDlgItem
GetKeyState
LoadCursorA
MsgWaitForMultipleObjects
OpenWindowStationA
PeekMessageA
SetThreadDesktop

Sections

.nyx
Size: 40KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.puncp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xwx
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ