680b607dda8f4c7832b40e23cd6fb5e5_JaffaCakes118

General

Target

680b607dda8f4c7832b40e23cd6fb5e5_JaffaCakes118
Size

62KB
MD5

680b607dda8f4c7832b40e23cd6fb5e5
SHA1

a5e620fa9fad0be47d5bba5d6341044f3c70d46a
SHA256

a09e7c55c5afda5a2275f0b72fb92f68388bdc859191c1ca3d762747c2b529a8
SHA512

3547c557b08592b89c18947aa112ae1d155e0ac9b8b2bd0dce570e33efc7cd97046545d54ba36d27f18c3bac82604788544bdebdc842a0f52c1adfe51db8974f
SSDEEP

1536:A6D4K8696tn29yATPjCxXKAZR6p2Ih5TCNEQc:AK4Kv96t2kA/CxXKyR6p2IrCNJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
680b607dda8f4c7832b40e23cd6fb5e5_JaffaCakes118

Files

680b607dda8f4c7832b40e23cd6fb5e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d2cafcee24be598bf1ee6316798be756

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
RegCloseKey
RegCreateKeyExA
CryptCreateHash
RegDeleteValueA
CryptDestroyHash
RegQueryValueExA
RegEnumKeyExA
CryptHashData
CryptGetHashParam
CryptReleaseContext

kernel32

GetModuleFileNameA
VirtualAlloc
GetModuleHandleA
InitializeCriticalSection
GetCurrentThreadId
VirtualProtect
EnterCriticalSection
GetFileSizeEx
FindNextFileW
GetUserDefaultUILanguage
ResetEvent
GetFileAttributesW
GetSystemTime
SetFileTime
lstrcmpiW
CreateThread
ReleaseMutex

user32

OpenDesktopA
PeekMessageA
GetWindowThreadProcessId
SendMessageA
ExitWindowsEx
SetProcessWindowStation
GetWindowLongA
MsgWaitForMultipleObjects
GetCursorPos
GetIconInfo
GetForegroundWindow
GetKeyState
CloseDesktop
DispatchMessageA

shlwapi

StrCmpNIA
wvnsprintfW
PathMatchSpecW
wvnsprintfA
PathRemoveFileSpecW
PathFindFileNameW
StrStrW
PathCombineW
wnsprintfW
SHDeleteKeyA
PathFileExistsW
StrCmpNIW
wnsprintfA

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d2cafcee24be598bf1ee6316798be756

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

shlwapi

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 20KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 20KB