b20e33f2eb37537275174ef223de0173_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b20e33f2eb37537275174ef223de0173_JaffaCakes118
Size

2.1MB
MD5

b20e33f2eb37537275174ef223de0173
SHA1

5f9d67200d471afd7bb5a7a142afe7b7b1ff6b16
SHA256

b98ab2cf6a18954329ff0744d46978fa242a9d65227c19d620a0cbc171ca3c7f
SHA512

e14e43119b1c18a0996e1cd74075dde56f673abbf7864fcdd3a491e26762aa1d0b30a15f39fabbff9b18f2f93a0241c8e8b6da780624d8af2b9c1cace02b8475
SSDEEP

24576:jsG4PHlS3B1bO2KpAe3GvISQtF5RC7VwC0hpxNSthec2btpaJ:34PF8KqkNtIVkI8cR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b20e33f2eb37537275174ef223de0173_JaffaCakes118

Files

b20e33f2eb37537275174ef223de0173_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6fb6b1ca305a6672d12b542af2c97b0f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
CompareStringW
GetVersion
WideCharToMultiByte
MultiByteToWideChar
IsValidCodePage
GetTempPathW
GetModuleFileNameW
CloseHandle
GetLastError
HeapAlloc
VirtualAlloc

user32

SetWindowsHookExW
GetWindow
SetCursorPos
SetWindowTextW
SetWindowRgn
DestroyMenu
CharUpperW
SetDlgItemInt
DestroyWindow
UnregisterClassW
DrawEdge
DestroyCursor

advapi32

RegQueryValueExW
OpenSCManagerW
RegEnumValueW

crypt32

CryptEncodeObject
CryptDecodeObjectEx
CryptFindOIDInfo
CryptMsgGetParam
CertCloseStore
CertEnumCertificatesInStore
CertSetCertificateContextProperty
CertFreeCRLContext
CertFreeCertificateChain
CryptQueryObject
CertGetNameStringW
CryptExportPKCS8
CryptAcquireCertificatePrivateKey
CryptExportPublicKeyInfo
CertGetEnhancedKeyUsage
CertAddStoreToCollection
CertOpenStore

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ