693c359d1c8ffb3a0aca3c4b74d6c5bb_JaffaCakes118 | Triage

Sharing

General

Target

693c359d1c8ffb3a0aca3c4b74d6c5bb_JaffaCakes118
Size

59KB
MD5

693c359d1c8ffb3a0aca3c4b74d6c5bb
SHA1

db70025a21549ad6a070295069ea8d8a41c30f88
SHA256

3f7d3f5a0dcf62094c5fa6d5fe4eb0ccf8d8f193678de459074ec4f7f07b0621
SHA512

a4a2e29b90504ef6f2dc5eaadedc981e930260fccf6ef17c47ff76c75f9cb5c88affbf0b5baad37061810c889c3f387c5910b29a5c2cc9b8d8a899cf7c9381c4
SSDEEP

1536:9EofuHj5iojnvKvuIJmGfxqAQWtd56qi5L6w8tIJs:93Oi0n4fHQWr56Z5L6w87

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
693c359d1c8ffb3a0aca3c4b74d6c5bb_JaffaCakes118

Files

693c359d1c8ffb3a0aca3c4b74d6c5bb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cecc75cb5989ef5aeb62d58e3db8425a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathMatchSpecW
wnsprintfW
wvnsprintfA
PathFindFileNameW
wnsprintfA
PathFileExistsW
StrCmpNIW
StrCmpNIA
SHDeleteKeyA
StrStrW
wvnsprintfW

user32

GetClassNameA
EndDialog
MsgWaitForMultipleObjects
PeekMessageA
OpenDesktopA
SetProcessWindowStation
GetWindowLongA
SendMessageA
CloseDesktop
FindWindowExA
GetDlgItemTextA

advapi32

RegEnumKeyExA
RegCreateKeyExA
CryptDestroyHash
CryptReleaseContext
RegQueryValueExA
CryptCreateHash
RegSetValueExA
DuplicateTokenEx
RegDeleteValueA
CryptGetHashParam

kernel32

GetSystemTimeAsFileTime
VirtualProtect
GetVersionExW
GlobalLock
GetFileAttributesW
lstrlenA
InitializeCriticalSection
lstrlenW
lstrcatA
CreateFileA
GetFileSize
SetEvent
ResetEvent
GetLocalTime
GetUserDefaultUILanguage
lstrcmpiA
VirtualAlloc
EnterCriticalSection
GetLastError
SystemTimeToFileTime
GetModuleHandleA

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE