1c6ca2771616a514c27f210da208d657_JaffaCakes118 | Triage

Sharing

General

Target

1c6ca2771616a514c27f210da208d657_JaffaCakes118
Size

67KB
MD5

1c6ca2771616a514c27f210da208d657
SHA1

162232999c032b0886a47dc45272f323e1f9f356
SHA256

81be84757757babd0358b058d3c88c48cc44306b1b7493eec63aeae47f2419af
SHA512

3702e80798c7f6e0b1aa21001df88cf94a5f9c914bb94bf319459ac5cc3b54248463e67dca6d52dee3cddd3eed2e2fa10ddc437ea28120877017e2ad32d99c06
SSDEEP

1536:aPKYFACHuT8NJVC/7Mj6wlEyFIT58+9kh6Ppo9yPalGBB9:aZHQ8NqOr2uITTI6cma0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c6ca2771616a514c27f210da208d657_JaffaCakes118

Files

1c6ca2771616a514c27f210da208d657_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7b6c47fee3e67893de07fd44667ea6e5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfW
SHDeleteKeyA
StrCmpNIA
wvnsprintfA
wnsprintfW
PathFileExistsW
StrCmpNIW
PathCombineW
PathRemoveFileSpecW
PathMatchSpecW
wnsprintfA
PathFindFileNameW

kernel32

GetFileSize
VirtualProtect
GetFileAttributesA
SystemTimeToFileTime
VirtualAlloc
lstrlenA
lstrcatA
ExpandEnvironmentStringsW
WaitForSingleObject
lstrcmpiW
LoadLibraryA
MultiByteToWideChar
CreateEventW
EnterCriticalSection
GetLastError
GetTimeZoneInformation
SetFilePointer
LeaveCriticalSection
CreateProcessW
HeapReAlloc
FindResourceW
GlobalLock
GetFileAttributesW

advapi32

CryptAcquireContextW
GetUserNameW
RegCloseKey
RegSetValueExA
CryptHashData
RegEnumKeyExA
RegQueryValueExA
DuplicateTokenEx
CryptCreateHash
RegDeleteValueA
CryptGetHashParam

user32

MsgWaitForMultipleObjects
SetThreadDesktop
OpenDesktopA
GetKeyboardState
GetWindowTextA
GetCursorPos
GetWindowLongA
GetDlgItemTextA
ExitWindowsEx
GetForegroundWindow
GetClipboardData
GetKeyState
FindWindowExA
SetProcessWindowStation

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE