6752a0fdc8a85cfa63a8502d18922d33_JaffaCakes118

General

Target

6752a0fdc8a85cfa63a8502d18922d33_JaffaCakes118
Size

99KB
MD5

6752a0fdc8a85cfa63a8502d18922d33
SHA1

2be21d972dc6bcaa0788130ae88c14483119ae0a
SHA256

ebcc3117b6d098ea7851c5cad4175ac0748d9e21f2d43bde73704499bf2e337b
SHA512

ce7b0e611a81be4f89a376ae92ea5f554c78f0618e4e7ce4c08133a4afb4cf38a1289b706fdaa7566cd1c7fae7e23447a3ffbde0d62d3ab138d2276c7379aea2
SSDEEP

1536:royxnvS2DvP3HR27vOxJddj64RgZHNW6MwKG/aGQhwogXGouvS9gP87TcvZ5S:rPxnvRp2CR5GHNOGlUwZWoIP95S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6752a0fdc8a85cfa63a8502d18922d33_JaffaCakes118

Files

6752a0fdc8a85cfa63a8502d18922d33_JaffaCakes118
.exe windows:4 windows x86 arch:x86

26b141124ad50539046bd6010558f95f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
wvnsprintfW
StrCmpNIA
PathCombineW
PathFileExistsW
PathRemoveFileSpecW

advapi32

CryptHashData
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
RegDeleteValueA
CryptDestroyHash
CryptGetHashParam
RegCreateKeyExA
RegEnumKeyExA
GetUserNameW
RegCloseKey
RegSetValueExA

kernel32

GetFileAttributesA
GetCurrentThreadId
WaitForSingleObject
ExpandEnvironmentStringsW
FindFirstFileW
GetLastError
GetTimeZoneInformation
CreateFileA
VirtualProtect
FindClose
HeapReAlloc
MultiByteToWideChar
lstrlenW
GetCommandLineA
GetModuleFileNameA
VirtualAlloc
GetModuleHandleA

user32

DispatchMessageA
MsgWaitForMultipleObjects
CharLowerBuffA
GetClassNameA
CloseDesktop
SetThreadDesktop
SetProcessWindowStation
OpenWindowStationA
GetKeyboardState
GetIconInfo
GetDlgItem
LoadCursorA
GetDlgItemTextA
ToUnicode

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 933B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

26b141124ad50539046bd6010558f95f

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

advapi32

kernel32

user32

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 1KB - Virtual size: 9KB

.rdata Size: 1024B - Virtual size: 933B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 1KB - Virtual size: 9KB

.rdata
Size: 1024B - Virtual size: 933B

.rsrc
Size: 1KB - Virtual size: 1KB