677c1957f429aca8a4e670c4acc66224_JaffaCakes118

General

Target

677c1957f429aca8a4e670c4acc66224_JaffaCakes118
Size

62KB
MD5

677c1957f429aca8a4e670c4acc66224
SHA1

5ab5fe736a6b0f07571ac37ae08af21d034ff40f
SHA256

b9130d016f2a65a039ae9954dbaec891df0f3605dcf967b70b36f961a0e5d0d5
SHA512

cb90e67698b2ef40de1ec12945ddca016843e4a3415f169274de87c3325848993a522b255f790e129709ba04016bbdd0d317ad5e2859f9366b85dd0237be953e
SSDEEP

768:mIK97LoA07XCRCbDZQp7SuJSZyw/sClFN4V1Ph7k/mDWWWcKmSifVVJ10EGqlL1s:mIK97sA07TqyPUClvkPy/MJVGnb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
677c1957f429aca8a4e670c4acc66224_JaffaCakes118

Files

677c1957f429aca8a4e670c4acc66224_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ac525004349489d8fc5d6056523e764

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNIA
PathRemoveFileSpecW
StrStrW
wnsprintfW
PathMatchSpecW
wvnsprintfW
PathFindFileNameW
wnsprintfA
StrCmpNIW
wvnsprintfA

user32

ToUnicode
CloseDesktop
GetKeyState
SetProcessWindowStation
LoadCursorA
FindWindowExA
CloseWindowStation
GetClipboardData
SetThreadDesktop
GetWindowLongA
GetWindowThreadProcessId
ExitWindowsEx
PeekMessageA
GetMessageA
GetCursorPos
CharLowerBuffA

advapi32

CryptDestroyHash
CryptHashData
RegEnumKeyExA
CryptAcquireContextW
CryptGetHashParam
GetUserNameW
RegDeleteValueA
DuplicateTokenEx
CryptReleaseContext
RegSetValueExA
RegCloseKey
RegCreateKeyExA

kernel32

GetUserDefaultUILanguage
GetTimeZoneInformation
VirtualAlloc
GetFileAttributesA
FindClose
lstrcmpiA
GetEnvironmentVariableW
GetModuleFileNameA
FindResourceW
CreateEventW
CloseHandle
GetModuleHandleA
CopyFileW
VirtualProtect
SystemTimeToFileTime
Sleep
lstrcmpiW
EnterCriticalSection
CreateThread
GetFileAttributesW
GetProcAddress
GetCurrentThreadId
lstrlenW
lstrlenA
SetFileTime
GetFileSizeEx

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ac525004349489d8fc5d6056523e764

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

advapi32

kernel32

Sections

.text Size: 49KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 49KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 20KB