74acf7fed99de16150bc7bea026b22a4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

74acf7fed99de16150bc7bea026b22a4_JaffaCakes118
Size

259KB
MD5

74acf7fed99de16150bc7bea026b22a4
SHA1

3bd9497c4b35428f367e6484a57f67e9b86c535d
SHA256

43229f01244e27ec3721f2fba69ded9eb6e004f25af8f4b3e15fabcb42ea0b31
SHA512

62dddbebb567102a54b43a356a21a673fd14be4fb5721ec68c3e0e1ee69eed72b15fd47af4794ca9a6af620e1fae1275b76d21ba2361ae85017593534aaebcc1
SSDEEP

6144:+WxnBbsA+1FDZ/2L9mSNRrKYxnKAN/PGq0YayxhzTfjNJgmkKCdg9F:zh6zNM8SNR0yrHfMmkvdgT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74acf7fed99de16150bc7bea026b22a4_JaffaCakes118

Files

74acf7fed99de16150bc7bea026b22a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b77d4d3ba508a8111cf59f8ae6a26879

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

DuplicateTokenEx
CryptAcquireContextW
RegDeleteValueA
GetUserNameW
RegCloseKey
CryptHashData
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA

shlwapi

PathMatchSpecW
PathCombineW
wnsprintfA
PathFileExistsW
SHDeleteKeyA
StrCmpNIW
wvnsprintfA
wnsprintfW
PathFindFileNameW
wvnsprintfW
PathRemoveFileSpecW
StrCmpNIA

kernel32

GetUserDefaultUILanguage
CreateFileA
EnterCriticalSection
SetEvent
InitializeCriticalSection
VirtualProtect
LeaveCriticalSection
Sleep
GetFileSizeEx
WideCharToMultiByte
VirtualAlloc
GetVersionExW
CloseHandle
WaitForSingleObject
lstrcatA
lstrlenA
GetCommandLineA
lstrcpynW
FindResourceW
GetModuleFileNameW

user32

GetKeyboardState
DrawIcon
GetDlgItemTextA
SetThreadDesktop
GetClipboardData
FindWindowExA
GetIconInfo
SetProcessWindowStation
DispatchMessageA
CharLowerBuffA
SendMessageA
GetWindowLongA
ExitWindowsEx
GetClassNameA
OpenWindowStationA

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE