6a96aa51975baca41debe34cff7ccfe6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a96aa51975baca41debe34cff7ccfe6_JaffaCakes118
Size

63KB
MD5

6a96aa51975baca41debe34cff7ccfe6
SHA1

dbd339cd36e25ac4810e0e68851de5058d237b7d
SHA256

ef25f48e1096150aaadafe5ad3023841c56799dd03e24fbe7ca46342485fbb12
SHA512

1f13a4400c571927fdcfd0b199b3ea499e43ed2fbf0f7c1c23fcb590b25ea9c3c238f03bc3567a31247afc411416d09bcc6b7379746a309896ee92183005519f
SSDEEP

1536:zlz8ysxchPEA0gMhwy1X4SZ0znm2KEzQxLtzyH/lkoy:zLsKhPE6YJ4oMm2HQdlydFy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a96aa51975baca41debe34cff7ccfe6_JaffaCakes118

Files

6a96aa51975baca41debe34cff7ccfe6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

93525ac587a930dec66c8d9ed5682a62

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptHashData
RegEnumKeyExA
RegCreateKeyExA
CryptDestroyHash
DuplicateTokenEx
GetUserNameW
CryptAcquireContextW
CryptReleaseContext
RegDeleteValueA
CryptCreateHash
RegQueryValueExA
CryptGetHashParam
RegCloseKey

kernel32

VirtualProtect
HeapAlloc
lstrlenW
VirtualAlloc
GetProcAddress
FindNextFileW
GetSystemTime
OpenMutexW
lstrcatW
GetLocalTime
SystemTimeToFileTime
GetTimeZoneInformation
GetFileAttributesA
lstrcpynW
CreateFileA
ExpandEnvironmentStringsW
Sleep
MulDiv
GlobalLock
SetFileTime
lstrlenA
GetFileSizeEx

user32

GetKeyboardState
GetForegroundWindow
SetProcessWindowStation
PeekMessageA
DrawIcon
GetDlgItemTextA
SetThreadDesktop
OpenWindowStationA
DispatchMessageA
GetClipboardData
ExitWindowsEx
LoadCursorA
GetWindowTextA
GetKeyState
FindWindowExA
OpenDesktopA

shlwapi

PathMatchSpecW
StrCmpNIW
PathFindFileNameW
PathFileExistsW
StrStrW
PathRemoveFileSpecW
wnsprintfW
PathCombineW
SHDeleteKeyA
StrCmpNIA
wnsprintfA
wvnsprintfA

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE