28f00bd7bc16be4eb7114f70bb3c4827_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

28f00bd7bc16be4eb7114f70bb3c4827_JaffaCakes118
Size

147KB
MD5

28f00bd7bc16be4eb7114f70bb3c4827
SHA1

baa77fb7ddd40c073519bbda262cdc9ef6529cdf
SHA256

e32a5a11b218e9c0e08dff24a09cffb67e5e4586d99a960c3d5bbf2ecd8390c1
SHA512

14ce801477b881f44ce9295963025010818e1f497356cb8f5e253ba7c431f511b467698a938f8ba5d42880cd33400da887d545d78f8b0b3bf558389db9a8b670
SSDEEP

1536:+iFmKu1dXJJ0RQ84kFAK40W9MSVK2AphmTLgbRaz/76wiyMwT:+iFNczYe8AK4x9MSsDV8fi5wT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28f00bd7bc16be4eb7114f70bb3c4827_JaffaCakes118

Files

28f00bd7bc16be4eb7114f70bb3c4827_JaffaCakes118
.exe windows:5 windows x86 arch:x86

57fd114560fce66d1e98d6e29b907d5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wnsprintfW
wvnsprintfW
SHDeleteKeyA
wvnsprintfA
PathCombineW
PathRemoveFileSpecW
StrCmpNIA
PathFindFileNameW
PathMatchSpecW
PathFileExistsW
wnsprintfA
StrCmpNIW
StrStrW

advapi32

CryptGetHashParam
RegCloseKey
CryptReleaseContext
RegDeleteValueA
RegQueryValueExA
CryptCreateHash
DuplicateTokenEx

Sections

.ybilgd
Size: 36KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qrcziv
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cbub
Size: 5KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ