21623b11a50e8b4949a7e0cfbd1f4c72_JaffaCakes118

General

Target

21623b11a50e8b4949a7e0cfbd1f4c72_JaffaCakes118
Size

65KB
MD5

21623b11a50e8b4949a7e0cfbd1f4c72
SHA1

da04a377d61de96bd7b6a89297e665bf73c68f82
SHA256

9eee22a5943d5d9b011719d5e303a68f48d18d8a67f36967bee592c8d1f69360
SHA512

a34e0df96ccbd4c8786fd29223b61e1a387b4e1ab19aca5dea094b266929872f331d2c2522a863971aa2ee528cf08e029155bbfce5c0966d6c17b02420726584
SSDEEP

1536:q/BG4yDaVtBOgxuNqq4P81Ttd3RaEyxIIcub7AAXDR:A7Lx848f8Ey66AA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21623b11a50e8b4949a7e0cfbd1f4c72_JaffaCakes118

Files

21623b11a50e8b4949a7e0cfbd1f4c72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4aee90b890356e9ed768c1ba7ad51c33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
VirtualProtect
FindResourceW
lstrcmpiW
ExpandEnvironmentStringsW
FindClose
VirtualAlloc
lstrcpyA
GetSystemTimeAsFileTime
GetTimeZoneInformation
EnterCriticalSection
GetUserDefaultUILanguage
lstrcpyW
lstrcatW
CreateFileA
ReleaseMutex
GetFileTime
SetFileTime
GetCommandLineA
InitializeCriticalSection
CreateThread
LeaveCriticalSection

user32

GetWindowLongA
SendMessageA
EndDialog
GetIconInfo
ExitWindowsEx
GetClipboardData
DispatchMessageA
GetCursorPos
FindWindowExA
CharLowerBuffA
GetForegroundWindow
GetWindowTextA
GetClassNameA
PeekMessageA
SetThreadDesktop
GetDlgItemTextA
OpenWindowStationA
GetDlgItem
GetWindowThreadProcessId
ToUnicode

shlwapi

PathCombineW
StrCmpNIA
PathMatchSpecW
StrStrW
PathFileExistsW
wnsprintfW
wnsprintfA
wvnsprintfA
wvnsprintfW
PathFindFileNameW

advapi32

RegDeleteValueA
RegQueryValueExA
CryptAcquireContextW
DuplicateTokenEx
CryptReleaseContext
CryptHashData
RegCreateKeyExA
CryptGetHashParam
CryptCreateHash

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4aee90b890356e9ed768c1ba7ad51c33

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 512B - Virtual size: 20KB