Static task
static1
Behavioral task
behavioral1
Sample
e8d0fb867c1228ef53693ed16f8ee0a3_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e8d0fb867c1228ef53693ed16f8ee0a3_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
Target: e8d0fb867c1228ef53693ed16f8ee0a3_JaffaCakes118
Size: 67KB
MD5: e8d0fb867c1228ef53693ed16f8ee0a3
SHA1: b5ea28b1fc8251599fc4b3aed8c5b935d6f8ce27
SHA256: 973c797a00c11fecb4efcbd26e4041f8127b957005e613809bc5b42665b5afaa
SHA512: ee7c0d54bcabdb84812e8d80d2a6cfbe512809789c5e5bbb3989d00d3125a4bfd2299624cfb059b0775914b80f98501f0a308d1d7773192cb8c17292dec2d120
SSDEEP: 1536:9tsIY3R0DFoqRWt0VtaNWZZPHBTW4TEnjUAz2:9t/kCNjoi1BT7En7z2
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e8d0fb867c1228ef53693ed16f8ee0a3_JaffaCakes118
Files
e8d0fb867c1228ef53693ed16f8ee0a3_JaffaCakes118.exe windows:4 windows x86 arch:x86
a0661093c89e8866d4b8df304b9461f8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
FindResourceW
GetUserDefaultUILanguage
lstrlenW
OpenMutexW
GlobalUnlock
GetCommandLineA
VirtualProtect
GetVersionExW
GetTickCount
lstrcpynW
LoadLibraryA
VirtualAlloc
InitializeCriticalSection
CreateProcessW
GetFileSizeEx
GetFileAttributesW
HeapFree
LeaveCriticalSection
GetFileAttributesA
shlwapi
wvnsprintfA
wnsprintfA
StrCmpNIA
wnsprintfW
StrStrW
PathCombineW
StrCmpNIW
wvnsprintfW
PathMatchSpecW
PathFileExistsW
PathFindFileNameW
user32
GetWindowThreadProcessId
FindWindowExA
GetKeyboardState
EndDialog
GetClipboardData
LoadCursorA
CloseWindowStation
ToUnicode
DispatchMessageA
SetThreadDesktop
GetDlgItem
SetProcessWindowStation
GetCursorPos
MsgWaitForMultipleObjects
GetWindowTextA
GetClassNameA
ExitWindowsEx
GetWindowLongA
advapi32
CryptReleaseContext
RegSetValueExA
CryptCreateHash
RegDeleteValueA
CryptHashData
GetUserNameW
CryptGetHashParam
DuplicateTokenEx
RegCloseKey
CryptDestroyHash
CryptAcquireContextW
Sections
.text Size: 66KB - Virtual size: 65KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE