269480b6c024969c21c7c1b8af6d8ba1_JaffaCakes118

General

Target

269480b6c024969c21c7c1b8af6d8ba1_JaffaCakes118
Size

65KB
MD5

269480b6c024969c21c7c1b8af6d8ba1
SHA1

8909f7d1b31991b70b131513c5f9b188e9be476f
SHA256

6c9073894cfe8cc49223b2c2a86bfb9c3f694e90e5d2923cfe46e08655d9aee9
SHA512

111a3a92a71180398dcb2808b3f09271cbeeb279115545b3e09947537db76c23fda0b7b670868496ba5aca8903e3254b77510817fb4bed0b463e8c22050a87f9
SSDEEP

1536:pJZmJVWs9lGq4iu1khZNXeGoZ6ie5ExNFPcYk/pG:zgHWiljgkbUGQ6PK3mYX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
269480b6c024969c21c7c1b8af6d8ba1_JaffaCakes118

Files

269480b6c024969c21c7c1b8af6d8ba1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

15e0f863ad5d96d551283edb9f6280f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
lstrlenA
lstrcmpiA
GetModuleFileNameA
VirtualAlloc
GetModuleHandleA
CreateThread
GetUserDefaultUILanguage
WideCharToMultiByte
GetFileTime
GetFileAttributesA
InitializeCriticalSection
lstrcpynW
GetFileSize
EnterCriticalSection
CreateEventW
HeapReAlloc
VirtualProtect
HeapFree
GlobalLock
ExpandEnvironmentStringsW
FindResourceW
GetTickCount

user32

SetThreadDesktop
OpenDesktopA
GetDlgItem
EndDialog
GetClassNameA
OpenWindowStationA
GetWindowThreadProcessId
FindWindowExA
LoadCursorA
DispatchMessageA
GetCursorPos
GetIconInfo
GetWindowTextA
DrawIcon
CloseDesktop

shlwapi

PathFileExistsW
SHDeleteKeyA
PathFindFileNameW
PathCombineW
StrCmpNIW
StrStrW
StrCmpNIA
wnsprintfW
wvnsprintfA
wnsprintfA
wvnsprintfW
PathRemoveFileSpecW

advapi32

CryptGetHashParam
DuplicateTokenEx
RegEnumKeyExA
CryptCreateHash
CryptReleaseContext
CryptHashData
RegCreateKeyExA
RegCloseKey
CryptDestroyHash
RegDeleteValueA
RegSetValueExA
CryptAcquireContextW
GetUserNameW
RegQueryValueExA

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

15e0f863ad5d96d551283edb9f6280f2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shlwapi

advapi32

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 512B - Virtual size: 16KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 512B - Virtual size: 16KB