6868efcdc10ebd4ebf344fc311ea6a5d_JaffaCakes118 | Triage

Sharing

General

Target

6868efcdc10ebd4ebf344fc311ea6a5d_JaffaCakes118
Size

67KB
MD5

6868efcdc10ebd4ebf344fc311ea6a5d
SHA1

63b9920a18e91ac06135cba99cd98a9ba2b678b2
SHA256

57307abd2aee051ef55ccf54618e2b4b651c4e6553b002adae9a36dd4472685e
SHA512

f593b813e0b3c830cf827b2a9a3894b3d41e05a0ce7d84af2a900e47cee45eeec9a3cfd5450060b7c0c02a7d66ab0eeb372184c445a0c2127cdfa0da3e25c14b
SSDEEP

1536:w9PdHOekQdtoLbkOQ7usiIwLyINsDeNWf/2dExZp7:w2ehdKL5Q1iIJ4saNY77

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6868efcdc10ebd4ebf344fc311ea6a5d_JaffaCakes118

Files

6868efcdc10ebd4ebf344fc311ea6a5d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dd4572fe966a2d9762d0081149c2aa2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wvnsprintfW
PathFileExistsW
PathCombineW
StrStrW
StrCmpNIA
wnsprintfA
wvnsprintfA
PathMatchSpecW
SHDeleteKeyA
wnsprintfW
PathRemoveFileSpecW
PathFindFileNameW

kernel32

lstrcpynW
VirtualAlloc
HeapReAlloc
lstrcatA
GetTimeZoneInformation
VirtualProtect
lstrcmpiA
GetVersionExW
GetFileAttributesA
GetTickCount
CreateFileA
CreateEventW
EnterCriticalSection
HeapAlloc
GetSystemTime
GetFileTime
InitializeCriticalSection
Sleep
MultiByteToWideChar
ReleaseMutex

advapi32

RegSetValueExA
RegEnumKeyExA
CryptGetHashParam
CryptReleaseContext
RegCreateKeyExA
GetUserNameW
RegCloseKey
CryptCreateHash
RegDeleteValueA
DuplicateTokenEx
CryptAcquireContextW
CryptDestroyHash
RegQueryValueExA

user32

DispatchMessageA
FindWindowExA
SetThreadDesktop
GetCursorPos
ExitWindowsEx
OpenDesktopA
GetWindowTextA
GetKeyboardState
DrawIcon
CloseWindowStation
CharLowerBuffA
GetForegroundWindow
LoadCursorA
SendMessageA
PeekMessageA
SetProcessWindowStation
MsgWaitForMultipleObjects

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE