Static task
static1
Behavioral task
behavioral1
Sample
66c273a95fd2eb12ed8e75aeb0605494_JaffaCakes118.exe
Resource
win7-20240221-en
General
Target
66c273a95fd2eb12ed8e75aeb0605494_JaffaCakes118
Size
113KB
MD5
66c273a95fd2eb12ed8e75aeb0605494
SHA1
ede2031609cb88d81955aef02419b39b2b4fd3a3
SHA256
41211980277a51bf212201d797d6279e6d50e3926df5014d0a6b7d28ac18e1a9
SHA512
f9f10fa310eb6153dabd1b57e099e730772c6b1da6e60b3830f9a9c36ddcab77327fb535e40b9510d19e37be3844dc0d4ac18cf400181bcbadf1cfc43dca9475
SSDEEP
3072:aPqLrcL6LHQcR8QOvSsi/rNQM/Mo9BZJlVDIwTv5QfvexOM:GqLQLYPSVvS35QpobRW
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 66c273a95fd2eb12ed8e75aeb0605494_JaffaCakes118
Files
66c273a95fd2eb12ed8e75aeb0605494_JaffaCakes118.exe windows:4 windows x86 arch:x86
51c19300f4305f23b246591f20c56ce2
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crypt32
CryptSIPAddProvider
pdh
PdhGetFormattedCounterArrayW
ole32
HGLOBAL_UserFree
user32
GetWindowRect
CopyRect
GetKeyState
GetShellWindow
IsRectEmpty
EndPaint
GetIconInfo
GetCaretPos
IsIconic
GetForegroundWindow
DrawTextExW
GetKeyboardState
wintrust
CryptCATCDFEnumAttributes
ntdll
wcscat
wcscpy
memcpy
kernel32
GetModuleFileNameW
GetTickCount
GetBinaryTypeW
UpdateResourceA
SetFileShortNameW
GetEnvironmentStrings
GetLastError
RemoveDirectoryA
GetStdHandle
advapi32
CryptEncrypt
msvcrt
srand
_time64
_gmtime64
rand
Sections
.text Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.crt Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ