3d83c6e354b9f8dfc7881d41602b868a_JaffaCakes118

General

Target

3d83c6e354b9f8dfc7881d41602b868a_JaffaCakes118
Size

65KB
MD5

3d83c6e354b9f8dfc7881d41602b868a
SHA1

d884d3b3bc9d94b698404159bddb56bbb6a8a4d4
SHA256

2ccb9224ba354d3d706f8bed85237a284dbbb3bfef1c22ee0dd9c11f6394395a
SHA512

eed57da2f28c08920f8590768f272e0c9584c9d7c641eb755a86d1a156d6fbdfdb1a96677a8e56ecb6d01b6a8bf3ddae1f789b613b878c830f5a11106aeb529a
SSDEEP

1536:bBx7kesVbzyUlZ6XmD+7DDCJ8ulRksX9D44VLrLd:bBV1sVbHZw7yJ8uXNDfNd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d83c6e354b9f8dfc7881d41602b868a_JaffaCakes118

Files

3d83c6e354b9f8dfc7881d41602b868a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e78b5f88b9103697169467b5403626e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
SHDeleteKeyA
wnsprintfA
PathMatchSpecW
PathFileExistsW
wvnsprintfA
PathCombineW
wnsprintfW
wvnsprintfW
StrCmpNIA
PathRemoveFileSpecW

user32

SetThreadDesktop
GetCursorPos
GetDlgItem
DrawIcon
SendMessageA
CloseDesktop
CharLowerBuffA
DispatchMessageA
GetClassNameA
GetWindowLongA
GetIconInfo
GetForegroundWindow
EndDialog
OpenDesktopA
OpenWindowStationA
MsgWaitForMultipleObjects
ExitWindowsEx
GetWindowThreadProcessId

advapi32

CryptReleaseContext
CryptGetHashParam
RegCloseKey
RegCreateKeyExA
RegSetValueExA
GetUserNameW
CryptCreateHash
CryptDestroyHash
DuplicateTokenEx
CryptHashData
RegQueryValueExA
CryptAcquireContextW

kernel32

WideCharToMultiByte
LeaveCriticalSection
OpenMutexW
lstrcmpiW
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameA
VirtualProtect
VirtualAlloc
CreateEventW
FindFirstFileW
HeapAlloc
GetFileAttributesA
lstrcpyA
SetFilePointer
CreateFileA
lstrlenA
EnterCriticalSection
ResetEvent
lstrcmpiA
ReleaseMutex
CreateThread
SetFileTime

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e78b5f88b9103697169467b5403626e9

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

advapi32

kernel32

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 512B - Virtual size: 16KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 512B - Virtual size: 16KB