301d604bf8f5f7db1c6d39349f0b5e27_JaffaCakes118

General

Target

301d604bf8f5f7db1c6d39349f0b5e27_JaffaCakes118
Size

61KB
MD5

301d604bf8f5f7db1c6d39349f0b5e27
SHA1

1a22d157a931592c52fd02e662f84c5612ed078d
SHA256

9bebb8d9650f133567b41705ebb77e4e12ed7b9f29d8152061cf56dd6efe6109
SHA512

178267bd32d9a989ad8ff56b92394edc4860745f247a11d79fed16dc8c04733b9471714f4db1b1214acaed291082e721f8802258966024c4faa27c261f14f036
SSDEEP

1536:srfXD9IcMzqdH7hHW4wK0BTypEyM3PR4RyK9Eqk0vibA:srvjMBRaM/ZQe0vibA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
301d604bf8f5f7db1c6d39349f0b5e27_JaffaCakes118

Files

301d604bf8f5f7db1c6d39349f0b5e27_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36e9b93f7c31e6393cea6167d70ae698

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
CryptCreateHash
CryptGetHashParam
RegCloseKey
CryptReleaseContext
CryptDestroyHash
CryptAcquireContextW
RegSetValueExA
RegEnumKeyExA
CryptHashData

kernel32

GetFileTime
GetFileAttributesA
VirtualProtect
FindFirstFileW
VirtualAlloc
GetModuleHandleA
GetUserDefaultUILanguage
FindNextFileW
HeapAlloc
ExpandEnvironmentStringsW
EnterCriticalSection
CreateFileA
WideCharToMultiByte
GetLastError
CreateEventW
GetAtomNameW
lstrcatA
CloseHandle
MulDiv
GetModuleFileNameW
OpenMutexW
UnmapViewOfFile
MultiByteToWideChar
CreateThread
HeapFree
GetEnvironmentVariableW

user32

GetIconInfo
OpenWindowStationA
GetKeyState
GetClassNameA
GetWindowTextA
SetProcessWindowStation
ExitWindowsEx
EndDialog
CloseDesktop
GetCursorPos
LoadCursorA
SetThreadDesktop

shlwapi

PathFileExistsW
StrStrW
wvnsprintfA
wnsprintfA
PathMatchSpecW
StrCmpNIW
PathFindFileNameW
wvnsprintfW

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 107B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

36e9b93f7c31e6393cea6167d70ae698

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

shlwapi

Sections

.text Size: 59KB - Virtual size: 58KB

.rdata Size: 512B - Virtual size: 107B

.data Size: 512B - Virtual size: 20KB

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 512B - Virtual size: 107B

.data
Size: 512B - Virtual size: 20KB