01b0b1acd71cc017815deae2b021b2b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01b0b1acd71cc017815deae2b021b2b9_JaffaCakes118
Size

64KB
MD5

01b0b1acd71cc017815deae2b021b2b9
SHA1

bdc056c86647f7b3c47984c61dfe6605cea03f38
SHA256

806743192da28bd592a907009351722ce457566ae5e7ac540e2420ddc19de61c
SHA512

17c4990a35ceae4eeffa9db0c073a9acce2eaaf77f9ca60f7438e909d898e8cd888adc19165ee8588d9b05f69a78c04482e3f9671fd58ab4a9a4dc4d313efe8f
SSDEEP

1536:+go0UpSL1wkOI5y1xIcvKp0CpYjeWMbjJJpQ78/K0p95p0i:otpG/O/WcvKpzpLWCJpQg/fX5ph

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01b0b1acd71cc017815deae2b021b2b9_JaffaCakes118

Files

01b0b1acd71cc017815deae2b021b2b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c8698e35b4a399707c09fc98734fe693

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualAlloc
GetFileTime
lstrcpyA
lstrcatW
VirtualProtect

advapi32

RegDeleteValueA
RegEnumKeyExA
CryptDestroyHash
RegCloseKey
CryptGetHashParam
RegCreateKeyExA

shlwapi

PathRemoveFileSpecW
PathCombineW
wvnsprintfA

user32

SetProcessWindowStation
GetDlgItem
CloseDesktop
GetCursorPos

Sections

.test
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE