e2b14a0b6f94eb18a83e96d242044d5b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2b14a0b6f94eb18a83e96d242044d5b_JaffaCakes118
Size

62KB
MD5

e2b14a0b6f94eb18a83e96d242044d5b
SHA1

9f4bec613f66e93dfaa64a2c76ac579384fd203b
SHA256

ecffafc2fd3ec796ef4327de2946325b58ed6ace9ad1d847e19f42febb612d9a
SHA512

f2f47e69f123a11650d00d9dd346a80a0db3267c5a5e21b1b54afecea32c05b46538b89b85ae5578953434f412b7854aa916c659627f181623ce80ea990c7cf4
SSDEEP

1536:xsgVW+4XW8s0+v8AJwmO6LcJzCfzDOt6CtP:OuW+cW8+8BYjzqt60

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2b14a0b6f94eb18a83e96d242044d5b_JaffaCakes118

Files

e2b14a0b6f94eb18a83e96d242044d5b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f5af20d06895810917a3ac7aa707e8d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetWindowTextA
GetIconInfo
SetProcessWindowStation
GetKeyboardState
CloseDesktop
SetThreadDesktop
MsgWaitForMultipleObjects
GetForegroundWindow
OpenDesktopA
GetMessageA
GetWindowThreadProcessId

kernel32

CreateEventW
VirtualAlloc
ReleaseMutex
lstrcpynW
GetTickCount
VirtualProtect
GetLocalTime
GetFileAttributesW
GetSystemTime
CreateThread
WideCharToMultiByte
GetFileSize
FindResourceW
FindNextFileW
Sleep
HeapReAlloc
lstrcatW
GetModuleFileNameW
GetFileTime
GlobalLock
CreateFileA
CreateProcessW

shlwapi

wnsprintfA
wnsprintfW
StrStrW
StrCmpNIW
PathMatchSpecW
wvnsprintfA
SHDeleteKeyA
PathCombineW
PathRemoveFileSpecW
wvnsprintfW
PathFileExistsW

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
CryptCreateHash
CryptAcquireContextW
DuplicateTokenEx
GetUserNameW

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE