689272b44f1a5fca5cb2c59e6a573da8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

689272b44f1a5fca5cb2c59e6a573da8_JaffaCakes118
Size

65KB
MD5

689272b44f1a5fca5cb2c59e6a573da8
SHA1

844df101ae98bbba8592f27315056783cd13b165
SHA256

ddf8c907e7678efb7628bcb008f0fe41c1b8f3b3686f3fc31d635bc38bb28cfe
SHA512

3bc7a5fc7c57c85e9c29bdd960220ec73ab8a38a46699b9adc4bc8cb7949efc578b7a64dd47766774ab9804251e5d56d1cb8e50ff6133ab71222ffbf7d6ec4ea
SSDEEP

1536:rGHFbsP5B/dA7PJy0MuQtxdmKE1Nj4ub7F0oHT1AQXAOG7WXf:rGlIP5B/dAU0MuQoH1NHGoHTSQQ77WXf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
689272b44f1a5fca5cb2c59e6a573da8_JaffaCakes118

Files

689272b44f1a5fca5cb2c59e6a573da8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e2002cd993142818d47589beb1d6242

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
wnsprintfW
PathFileExistsW
wnsprintfA
wvnsprintfW
StrStrW
SHDeleteKeyA
StrCmpNIW
StrCmpNIA
wvnsprintfA
PathCombineW

advapi32

GetUserNameW
CryptCreateHash
CryptHashData
RegCreateKeyExA
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
RegDeleteValueA
DuplicateTokenEx
CryptGetHashParam
RegQueryValueExA
RegSetValueExA
RegCloseKey

user32

EndDialog
GetKeyboardState
ToUnicode
CharLowerBuffA
GetMessageA
GetCursorPos
OpenDesktopA
FindWindowExA
GetIconInfo
GetWindowTextA
DispatchMessageA
CloseDesktop
SendMessageA
DrawIcon
OpenWindowStationA
SetThreadDesktop
GetKeyState

kernel32

CreateEventW
VirtualProtect
GetFileAttributesA
GetFileSizeEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
HeapFree
lstrcpyA
VirtualAlloc
GetUserDefaultUILanguage
GetFileSize
LoadLibraryA
GetProcAddress
lstrlenA
FindFirstFileW
ReleaseMutex
SetEvent
lstrcatA
GetModuleHandleA
CloseHandle
FindClose
HeapReAlloc
OpenMutexW

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE