a01890f7542c74b90b01d0d4ee4a5350_JaffaCakes118

General

Target

a01890f7542c74b90b01d0d4ee4a5350_JaffaCakes118
Size

238KB
MD5

a01890f7542c74b90b01d0d4ee4a5350
SHA1

b11f9ca3087fbc7ab738526b3c960c6bb36a8ef8
SHA256

d5f3998cc5207778e33faa0b4eb64633cfd7d9ed2d621b2effe54e4ee7136b8d
SHA512

3d104bcfb5001c155fad77b9bce4cfed3e774eee4130f8262cbb1426e804dbab273341b2c36fc34f357d48db9fdac0e674bb29134ed971b1639ccb1bad32caa9
SSDEEP

3072:2WQ4cr2uidXk/0SaEZO70VeHQ5ISpLAG6yPLqQ9ryVluvBVYCppuSSc26I8sg:2tTEt7SU0KQhFAGhLd9ryPiY4Og

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a01890f7542c74b90b01d0d4ee4a5350_JaffaCakes118

Files

a01890f7542c74b90b01d0d4ee4a5350_JaffaCakes118
.exe windows:5 windows x86 arch:x86

88f040eacf7d71914c87324c96d07266

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSVirtualChannelWrite
WTSSetSessionInformationW
WTSSetUserConfigW
WTSVirtualChannelPurgeOutput
WTSQuerySessionInformationA
WTSSendMessageA
WTSEnumerateServersA
WTSOpenServerW
WTSTerminateProcess
WTSUnRegisterSessionNotification
WTSWaitSystemEvent

kernel32

OpenThread
GetFileAttributesA
SetErrorMode
ReadFile
OpenMutexW
GetTempPathA
ReadProcessMemory
lstrcmp
CopyFileExW
ReplaceFileA
OpenFileMappingA
GetStartupInfoA
lstrcpyA
GetExitCodeProcess
CreateMutexA
FindFirstFileW
HeapCreate
GetModuleHandleA
OpenEventW

shlwapi

UrlGetLocationA
UrlGetPartA
UrlCombineA
UrlUnescapeA
UrlEscapeA
UrlCanonicalizeA
PathCompactPathA
UrlCompareW
PathCombineA
UrlHashA
UrlIsNoHistoryA
PathIsRootW
PathCommonPrefixA

dbnmpntw

ConnectionWrite
ConnectionError
ConnectionClose

nddeapi

NDdeShareEnumA
NDdeShareDelA

shell32

DragQueryPoint
SHGetMalloc
ShellMessageBoxA
DllRegisterServer
ExtractIconA
FindExecutableA
DragAcceptFiles
SHFree
StrStrA
ShellAboutA
DuplicateIcon
SHFileOperationA
DragQueryFileA
ShellExecuteA
SHGetDesktopFolder
StrChrA
SHGetFileInfoA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

88f040eacf7d71914c87324c96d07266

Headers

File Characteristics

Imports

wtsapi32

kernel32

shlwapi

dbnmpntw

nddeapi

shell32

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 223KB - Virtual size: 223KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 223KB - Virtual size: 223KB