6afd50c10bae3a354c8cbe52352a0c70_JaffaCakes118

General

Target

6afd50c10bae3a354c8cbe52352a0c70_JaffaCakes118
Size

65KB
MD5

6afd50c10bae3a354c8cbe52352a0c70
SHA1

9da4059f191b469490eb352782614b3e1b2f8502
SHA256

0f5d36ab749e8640defb85619e73f82bd0618ceb03747f40af6aec69c63e63d5
SHA512

7598b591105cc8c8706f5fd9c9cbf32c9fb550ca0a92c2e276e5cbacd9eca17d07c7a004e71a7a4de59eec4f80aa3dc44a071bcadfc98cef89de8db418f5cd04
SSDEEP

1536:puU/Kn5uK+0iNUZ7CxhcwCyWjTLElZdGTSKtu5oul:g+B0iNUZeLcwCyWvLEFGTQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6afd50c10bae3a354c8cbe52352a0c70_JaffaCakes118

Files

6afd50c10bae3a354c8cbe52352a0c70_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0cf084e1fb4f945e5880eec885a8edf8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
RegDeleteValueA
RegEnumKeyExA
CryptHashData
CryptCreateHash
CryptDestroyHash
CryptGetHashParam
CryptAcquireContextW
RegQueryValueExA
CryptReleaseContext

user32

GetClassNameA
GetDlgItem
GetCursorPos
OpenWindowStationA
DispatchMessageA
FindWindowExA
GetKeyboardState
GetIconInfo
CloseDesktop
GetDlgItemTextA
DrawIcon
ExitWindowsEx
ToUnicode
PeekMessageA
MsgWaitForMultipleObjects
EndDialog
GetClipboardData
GetMessageA
GetWindowThreadProcessId
GetWindowLongA
GetForegroundWindow
GetWindowTextA
GetKeyState

kernel32

SetFilePointer
GlobalLock
VirtualAlloc
WideCharToMultiByte
GetFileAttributesA
GetFileAttributesW
VirtualProtect
EnterCriticalSection
SetEvent
lstrlenA
LeaveCriticalSection
FindClose
lstrcmpiA
LoadLibraryA
lstrcmpiW
lstrcpyW
ExpandEnvironmentStringsW
SetFileTime
GlobalUnlock
OpenMutexW
GetModuleHandleA
GetSystemTimeAsFileTime

shlwapi

SHDeleteKeyA
PathMatchSpecW
wvnsprintfW
StrCmpNIA
StrCmpNIW
wnsprintfW
PathRemoveFileSpecW
wvnsprintfA
PathFindFileNameW

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0cf084e1fb4f945e5880eec885a8edf8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

shlwapi

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 512B - Virtual size: 16KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 512B - Virtual size: 16KB