Static task: static1
Behavioral task: behavioral1
Sample: 2f96ab221f4f80ab8b1f52bf4ff63e10_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 2f96ab221f4f80ab8b1f52bf4ff63e10_JaffaCakes118.exe
Resource: win10v2004-20240708-en
General
Target: 2f96ab221f4f80ab8b1f52bf4ff63e10_JaffaCakes118
Size: 62KB
MD5: 2f96ab221f4f80ab8b1f52bf4ff63e10
SHA1: 0e6dd912c17a3784eabec330b5db99f8058db4e7
SHA256: 11127e5a9bb5f27182dfe4385738ac2523aa17017fa60080fcdaa368b90aa287
SHA512: d98fa3ce0a79531ce940ad812348ecca03c541b7501d1d8d5a3ff358975c817ff6ba160522b539f1eb78fdd28d31658d78c8823219d2bd8106e97c57a81e96a7
SSDEEP: 768:Dn9wV3ksyhxhfyC800r8Hlh0moUoLpDXlJqMb4AAyOGdSd2zwqpGJ4CoSVlPL9ob:DCNUBfGgHlHojlJb4A1OG0gUqp5EPLK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2f96ab221f4f80ab8b1f52bf4ff63e10_JaffaCakes118
Files
2f96ab221f4f80ab8b1f52bf4ff63e10_JaffaCakes118.exe windows:4 windows x86 arch:x86
b2491e1d81d8debede6ef5f2ea96e564
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
ExpandEnvironmentStringsW
CreateMutexW
lstrcatW
HeapFree
WideCharToMultiByte
VirtualAlloc
GetFileTime
SetFilePointer
VirtualProtect
GetFileAttributesW
FindResourceW
GetTickCount
CloseHandle
FindClose
lstrlenA
SystemTimeToFileTime
GetUserDefaultUILanguage
HeapAlloc
EnterCriticalSection
GetModuleHandleA
lstrlenW
GetLocalTime
WaitForSingleObject
user32
EndDialog
GetCursorPos
SetProcessWindowStation
GetClipboardData
MsgWaitForMultipleObjects
GetWindowTextA
GetDlgItemTextA
GetForegroundWindow
OpenDesktopA
GetWindowLongA
GetKeyState
GetDlgItem
LoadCursorA
PeekMessageA
GetWindowThreadProcessId
shlwapi
wvnsprintfW
PathFileExistsW
wvnsprintfA
PathRemoveFileSpecW
PathCombineW
wnsprintfW
PathMatchSpecW
StrCmpNIW
SHDeleteKeyA
PathFindFileNameW
wnsprintfA
advapi32
CryptAcquireContextW
CryptHashData
CryptCreateHash
RegEnumKeyExA
RegCreateKeyExA
CryptGetHashParam
DuplicateTokenEx
CryptReleaseContext
RegQueryValueExA
CryptDestroyHash
RegDeleteValueA
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE