ecbf6a4b672687fad4dc7537765dbff6_JaffaCakes118

General

Target

ecbf6a4b672687fad4dc7537765dbff6_JaffaCakes118
Size

499KB
MD5

ecbf6a4b672687fad4dc7537765dbff6
SHA1

19625719ac6683fabb0c6a040d4ff0d509a1227c
SHA256

51cc311ab2c4279ce00cc9f9cd96eb4945b7b4e377d0314dd1a873753440f1db
SHA512

3068e57eabba3550dcfc9678af9112c80ea426c89f949d9d15282e60205fe955ec378609b41c8f91fe5cbec57b374276671940c94ceccd889c0eb693bf60e9db
SSDEEP

12288:SvDy2V/cM8hsN1h0wf49FeuapkF92VbapjhnmZQE:wDy2V/cJBwgreuarbKmZ9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ecbf6a4b672687fad4dc7537765dbff6_JaffaCakes118

Files

ecbf6a4b672687fad4dc7537765dbff6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

573e28df349ed5a966368ee3fc19d1cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
RegDeleteValueA
RegSetValueExA
RegCloseKey
CryptDestroyHash
CryptAcquireContextW
CryptReleaseContext

kernel32

GetFileSize
ReleaseMutex
LeaveCriticalSection
VirtualProtect
FindNextFileW
GlobalLock
VirtualAlloc
CloseHandle
GetModuleHandleA
EnterCriticalSection
GetFileAttributesW
WaitForSingleObject
SetFileTime
GetModuleFileNameW
HeapAlloc
ResetEvent
lstrcpyA
FindResourceW
WideCharToMultiByte
GetDiskFreeSpaceW
lstrcmpiW
CopyFileW
Sleep
SystemTimeToFileTime

user32

GetClassNameA
SetProcessWindowStation
CloseDesktop
GetForegroundWindow
GetCursorPos
EndDialog
FindWindowExA
GetKeyboardState
GetWindowThreadProcessId
GetMessageA
SendMessageA
SetThreadDesktop
GetDlgItem
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
CharLowerBuffA
LoadCursorA
GetKeyState
CloseWindowStation

shlwapi

wnsprintfA
SHDeleteKeyA
wvnsprintfW
PathMatchSpecW
StrCmpNIA
PathRemoveFileSpecW
PathFileExistsW
wvnsprintfA
wnsprintfW
StrCmpNIW
PathFindFileNameW
StrStrW
PathCombineW

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

573e28df349ed5a966368ee3fc19d1cb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

shlwapi

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 20KB