f6136dca8446cd98a02bf49795ec39c3_JaffaCakes118 | Triage

Sharing

General

Target

f6136dca8446cd98a02bf49795ec39c3_JaffaCakes118
Size

65KB
MD5

f6136dca8446cd98a02bf49795ec39c3
SHA1

b0b4d46155b7b99f3957c89deeadb193bf4b5ab5
SHA256

1351d3eb5f4ae22acf3a566810ce1341cd0ef5196bb8f56d3bcd0eabd4ab27f2
SHA512

676ad29d80cbef45941f86a58aa91f4ef6cad3884ea7b71c1d2a7157494133bfe6e9867da7e2e08e0908f14740557934a4f841c1d895644594a878209e08918f
SSDEEP

1536:CWTLMGacFt/EFy0XlPSedtbpmtny2RDxbfnfp2BHn+7OuTUKx:1LgcTEFDV6ebItn7RDxzngBH+zlx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f6136dca8446cd98a02bf49795ec39c3_JaffaCakes118

Files

f6136dca8446cd98a02bf49795ec39c3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

52774b2127abeeb5c6f822b45656292f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathMatchSpecW
PathRemoveFileSpecW
wnsprintfW
wvnsprintfW
StrCmpNIW
wvnsprintfA
PathCombineW
wnsprintfA
SHDeleteKeyA
StrStrW
StrCmpNIA

kernel32

VirtualProtect
SetFileTime
CreateEventW
GetModuleHandleA
VirtualAlloc
GetFileTime
lstrcatA
OpenMutexW
CloseHandle
FindNextFileW
FindClose
GlobalLock
lstrcpynW
CreateFileA
LeaveCriticalSection
MulDiv
InitializeCriticalSection
GetFileAttributesA
GlobalUnlock
CreateProcessW
GetLocalTime
HeapFree

user32

GetDlgItemTextA
GetDlgItem
LoadCursorA
SetThreadDesktop
GetWindowTextA
PeekMessageA
GetWindowLongA
GetWindowThreadProcessId
DispatchMessageA
GetMessageA

advapi32

RegDeleteValueA
CryptHashData
RegSetValueExA
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam
RegQueryValueExA
GetUserNameW
RegCreateKeyExA
CryptReleaseContext
RegCloseKey

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE