68463ca0b4363324d320cae043944d46_JaffaCakes118 | Triage

Sharing

General

Target

68463ca0b4363324d320cae043944d46_JaffaCakes118
Size

64KB
MD5

68463ca0b4363324d320cae043944d46
SHA1

6af50e157333af2e0d56eebf0ac47c011d18ebc2
SHA256

b9239d4a14599b8c763c1d49e2fa78d5d1c60e6279b604fc13940a8576066f18
SHA512

61efabd31e539100ddd41247016d9b6ba5a82179b4eeec89c1b0a9f9d2158e97a9bcd789bbd40b33ed74bad7bc310b763c0da6f6ecde7b7fc3ab8d3a49969cd9
SSDEEP

1536:0YZVX+8k78lXDOIdJf5lk14idV6RkmZuFuaMHbrobtInqlcSoXpxw:0YZVS7IaKH+4YpfUaMHQ1oXk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68463ca0b4363324d320cae043944d46_JaffaCakes118

Files

68463ca0b4363324d320cae043944d46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c3abece30826b29cda2b8b9784a6137

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathCombineW
wnsprintfA
StrCmpNIW
StrCmpNIA
PathFileExistsW
PathMatchSpecW
wvnsprintfA
PathFindFileNameW
wvnsprintfW
wnsprintfW
PathRemoveFileSpecW
SHDeleteKeyA

kernel32

lstrlenW
lstrcpyA
VirtualProtect
VirtualAlloc
lstrlenA
SetFilePointer
Sleep
GetFileAttributesA
CreateProcessW
MultiByteToWideChar
LoadLibraryA
EnterCriticalSection
GetLocalTime
WideCharToMultiByte
GetTimeZoneInformation
GetUserDefaultUILanguage
lstrcmpiW

user32

EndDialog
GetClipboardData
ExitWindowsEx
GetMessageA
GetDlgItem
GetDlgItemTextA
GetKeyState
OpenWindowStationA
CloseDesktop
MsgWaitForMultipleObjects
SetThreadDesktop
LoadCursorA
GetWindowLongA
ToUnicode
GetWindowTextA
GetKeyboardState
PeekMessageA
FindWindowExA
SendMessageA
GetWindowThreadProcessId
GetClassNameA

advapi32

RegEnumKeyExA
RegDeleteValueA
RegSetValueExA
CryptDestroyHash
GetUserNameW
RegCloseKey
RegCreateKeyExA
CryptCreateHash
CryptReleaseContext
CryptGetHashParam

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE