2bd38f50d2377bcc3e12721a35300322_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bd38f50d2377bcc3e12721a35300322_JaffaCakes118
Size

65KB
MD5

2bd38f50d2377bcc3e12721a35300322
SHA1

e1b1b74601036a26ed7945c70241f6f51ceed697
SHA256

fa6c36abd359aa02d16109397f3d3e57bf3be5b0ff19310f96f5659c350e03cf
SHA512

572070f71982ca68fa8c1bb6b39d91588ff3847580f56c588588e25a263a602c7f8a1b221808ff75238f48c1c024e377ffb71519583a4ff312608580759fd295
SSDEEP

1536:PI8ulwaD0LPqJ0I2wkHfPFcfw1zopgUe54upr4pcWtn:Q482wlqCgNl4pcWtn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2bd38f50d2377bcc3e12721a35300322_JaffaCakes118

Files

2bd38f50d2377bcc3e12721a35300322_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aaf012c89905e97d1b5021ae57a93e65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
RegSetValueExA
CryptDestroyHash
CryptCreateHash
RegEnumKeyExA
DuplicateTokenEx
CryptAcquireContextW
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
CryptReleaseContext

kernel32

HeapAlloc
VirtualAlloc
VirtualProtect
lstrcpynW
GetSystemTime
GetFileAttributesA
GetProcAddress
SetFilePointer
lstrcpyW
OpenEventW
ResetEvent
lstrcmpiA
LeaveCriticalSection
HeapFree
lstrcpyA
Sleep
HeapReAlloc
GetFileTime
FindResourceW
GlobalUnlock
CreateProcessW
GetCommandLineA
lstrcmpiW
CloseHandle
GetVersionExW
GetTimeZoneInformation

shlwapi

wnsprintfW
wvnsprintfW
SHDeleteKeyA
PathMatchSpecW
wvnsprintfA
wnsprintfA
StrStrW
PathFindFileNameW
StrCmpNIA
StrCmpNIW
PathCombineW
PathRemoveFileSpecW

user32

GetKeyState
DispatchMessageA
GetDlgItem
GetMessageA
OpenWindowStationA
GetClipboardData
LoadCursorA
SetProcessWindowStation
GetCursorPos
GetWindowLongA
ToUnicode
GetDlgItemTextA
CloseWindowStation
MsgWaitForMultipleObjects
GetWindowTextA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE