f551853ed32dd0cd260ab7c7ec560e0a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f551853ed32dd0cd260ab7c7ec560e0a_JaffaCakes118
Size

52KB
MD5

f551853ed32dd0cd260ab7c7ec560e0a
SHA1

6492300933824bdce21def3b0c3782f55e81a197
SHA256

4b7487c57d945c3b326576e59db11400110f1f4714894bf54337c51725e1b4ac
SHA512

aa07da9cb38b4951bf69b3fb630dac56b56da1a5f5c3dcf38094392dd728006cd481b894787257a6cfe81164ac794ac460c1e63a97405588cdedf3020008b79e
SSDEEP

768:qUKSJnrQMaXJHTA/9ba/+e6oDLcd9NPpC9Y9LOAWwVPyDRqnTqhGMjkqU08Wqa3L:qrirQMwHTA/9CrTu9lByYTiG//AqeA0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f551853ed32dd0cd260ab7c7ec560e0a_JaffaCakes118

Files

f551853ed32dd0cd260ab7c7ec560e0a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

163185551a0fbc5695edebf8f962cf72

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExA

kernel32

lstrlenA

shlwapi

PathFileExistsW
PathFindFileNameW
PathMatchSpecW
PathRemoveFileSpecW
SHDeleteKeyA
StrCmpNIA
StrCmpNIW
wnsprintfA
wnsprintfW

user32

CloseWindowStation
FindWindowExA
GetClassNameA
GetCursorPos
GetDlgItem
GetForegroundWindow
GetWindowThreadProcessId
PeekMessageA
SetProcessWindowStation
ToUnicode

Sections

.stazwl
Size: 42KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yxmn
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pyr
Size: 6KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ