5adfbd9b61f96f5a68a0bfa21b2749ea_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5adfbd9b61f96f5a68a0bfa21b2749ea_JaffaCakes118
Size

62KB
MD5

5adfbd9b61f96f5a68a0bfa21b2749ea
SHA1

3f2cc63c732e80461a9d4ae68245ae80cf560278
SHA256

ce3e86e8b249d092744e9c977ad5675b8f5242fc4dadbe5182b0ae0cbfa6bf9e
SHA512

91b92a3f77e74d4a80894a001a8e7e3af8e811067b83186f6d75d6d91518c06ac271e8d6d88d4430cafd83e9a1524bbc2d5f1c226ede33f3d597621438dfa191
SSDEEP

1536:Jqbqjw8vVe/0Hl7Qhta4l/v4LpPgzD/nW34G:JqgmMWa634dPOW39

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5adfbd9b61f96f5a68a0bfa21b2749ea_JaffaCakes118

Files

5adfbd9b61f96f5a68a0bfa21b2749ea_JaffaCakes118
.exe windows:4 windows x86 arch:x86

46afde3f416690599aec444ca6a1f7a5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptReleaseContext
CryptHashData
RegQueryValueExA
GetUserNameW
CryptCreateHash
RegEnumKeyExA
RegSetValueExA
DuplicateTokenEx
RegDeleteValueA
RegCreateKeyExA
CryptGetHashParam
CryptDestroyHash

kernel32

GetUserDefaultUILanguage
VirtualProtect
SetEvent
UnmapViewOfFile
WideCharToMultiByte
lstrcmpiW
lstrcpyA
Sleep
GetModuleHandleA
VirtualAlloc
lstrcpyW
CopyFileW
LoadLibraryA
GetSystemTime
GetModuleFileNameA
lstrlenA
CreateProcessW
lstrcpynW

shlwapi

PathFindFileNameW
wnsprintfA
PathRemoveFileSpecW
PathMatchSpecW
SHDeleteKeyA
wvnsprintfW
wnsprintfW
StrCmpNIA
StrStrW
PathCombineW
PathFileExistsW
StrCmpNIW

user32

GetClipboardData
GetDlgItemTextA
OpenDesktopA
GetWindowThreadProcessId
GetDlgItem
PeekMessageA
SetProcessWindowStation
GetWindowLongA
GetKeyboardState
EndDialog
OpenWindowStationA
CloseWindowStation
DispatchMessageA
MsgWaitForMultipleObjects

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE