467ae000898bdecf470c36f655deb9f0_JaffaCakes118

General

Target

467ae000898bdecf470c36f655deb9f0_JaffaCakes118
Size

258KB
MD5

467ae000898bdecf470c36f655deb9f0
SHA1

8eaf434779c6d9231d33d181ad1ef5d432e43818
SHA256

0b6ddcd8c9b1873c2e21eb4da8e272fff3c265381a05c9bde068b1b6cd1f5ace
SHA512

066504035892e9b052fad65be96f6a8d1e7eaf0b05d45187fa07f37825e21e261f635101ce5433abcfcde357dcb474f5e7d6e39558a9e09b2708705d8a97f6ed
SSDEEP

6144:deMr49070+kSk4zGnAIvIiCVAnJstDZLGPyjiE22W7DjIW0/xezF:0F90t10tJo1CajiE22W7DURx6F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
467ae000898bdecf470c36f655deb9f0_JaffaCakes118

Files

467ae000898bdecf470c36f655deb9f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9d73dcd7d1b8c7ad23303104f8c4fc6c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetProcessWindowStation
GetWindowTextA
GetWindowThreadProcessId
DispatchMessageA
MsgWaitForMultipleObjects
CloseDesktop
CharLowerBuffA
SetThreadDesktop
GetForegroundWindow
LoadCursorA
DrawIcon
GetKeyState
ToUnicode
GetMessageA
GetKeyboardState
FindWindowExA
GetDlgItemTextA

shlwapi

wnsprintfA
StrStrW
PathFindFileNameW
wnsprintfW
PathRemoveFileSpecW
PathFileExistsW
wvnsprintfA
PathMatchSpecW
PathCombineW
wvnsprintfW

advapi32

CryptCreateHash
RegDeleteValueA
DuplicateTokenEx
CryptHashData
RegSetValueExA
CryptGetHashParam
RegCloseKey
CryptReleaseContext
GetUserNameW
RegQueryValueExA
CryptDestroyHash
RegEnumKeyExA

kernel32

VirtualProtect
VirtualAlloc
OpenMutexW
ExpandEnvironmentStringsW
SetFileTime
CreateFileA
FindFirstFileW
CloseHandle
CreateEventW
ResetEvent
GetSystemTimeAsFileTime
MultiByteToWideChar
LeaveCriticalSection
lstrcmpiA
FindResourceW
GetFileAttributesA
lstrcatW
lstrcpyW
HeapFree
GetTickCount
GetCommandLineA
CreateProcessW
GetTimeZoneInformation
lstrlenW
GetFileSizeEx

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d73dcd7d1b8c7ad23303104f8c4fc6c

Headers

DLL Characteristics

File Characteristics

Imports

user32

shlwapi

advapi32

kernel32

Sections

.text Size: 65KB - Virtual size: 65KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 65KB - Virtual size: 65KB

.data
Size: 512B - Virtual size: 20KB