fcfa3c979bcd14253947050005462d68_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fcfa3c979bcd14253947050005462d68_JaffaCakes118
Size

48KB
MD5

fcfa3c979bcd14253947050005462d68
SHA1

66ad1a84e323b921f154a268795c305ece14d3bd
SHA256

73b90555fa40147a204351518f755dba0ee7003af5cb3c6a35b36ea5c48139f3
SHA512

78d403374da45780de94a24e8c2b509938b0b6eed533c7401233273df43044c637bceaff980725dd5340edae37583e82e9955eb85a17a363b94e2656c64736f5
SSDEEP

768:Rp0nEXmwdKeiBIOzF5FLN95PmI3xH4i9NgAvVekV50K+w6VjLM9E:ZKFIOp5+IBH1N7ekxQjwK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcfa3c979bcd14253947050005462d68_JaffaCakes118

Files

fcfa3c979bcd14253947050005462d68_JaffaCakes118
.exe windows:5 windows x86 arch:x86

947cf9b46300d25e4874c45a809cec21

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptCreateHash
DuplicateTokenEx
CryptGetHashParam
RegCloseKey
CryptReleaseContext
RegDeleteValueA
RegQueryValueExA

shlwapi

StrCmpNIA
SHDeleteKeyA
PathCombineW
PathMatchSpecW
PathFileExistsW
StrStrW
PathRemoveFileSpecW
wnsprintfW
wnsprintfA
StrCmpNIW
wvnsprintfW
wvnsprintfA
PathFindFileNameW

Sections

.kjmb
Size: 39KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dsfcl
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.twpgt
Size: 5KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ