04d9d1d63bd4c5e741f4211577b5d321_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

04d9d1d63bd4c5e741f4211577b5d321_JaffaCakes118
Size

456KB
MD5

04d9d1d63bd4c5e741f4211577b5d321
SHA1

7ee21b7ea56418da4a7ea351657b02df27aa1119
SHA256

cf7c0e0bcd9377adc812948108d600a77b0cb0c2e8295f2a057e9607ad7586bc
SHA512

a4e7b2eb339e356e2c22ce1f73628833a53b8b1ed25473315a340cc53ac985c6438249030b0a30b05355e5441efdd788717fda697e8c3f17dee0b8104eb8061e
SSDEEP

12288:8oFCB8FWiEBbAL60eqvTfDDqDbLQ64xqKWLsei3:yniQAL6vqrKDQaKWe3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04d9d1d63bd4c5e741f4211577b5d321_JaffaCakes118

Files

04d9d1d63bd4c5e741f4211577b5d321_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ffd576e69c9f18d8640aafb144588881

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

wnsprintfA
wvnsprintfW
PathMatchSpecW
StrStrW
StrCmpNIW
wvnsprintfA
wnsprintfW
PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW

kernel32

MulDiv
VirtualProtect
lstrcpyW
lstrcmpiW
GetModuleHandleA
ReleaseMutex
CreateEventW
VirtualAlloc
lstrcmpiA
GlobalLock
FindClose
GetLastError
GetProcAddress
CreateFileA
Sleep
CloseHandle
HeapReAlloc
lstrlenW
GetSystemTime

user32

GetCursorPos
SetThreadDesktop
CloseWindowStation
DispatchMessageA
CharLowerBuffA
DrawIcon
GetIconInfo
SendMessageA
GetKeyboardState
OpenWindowStationA
CloseDesktop
MsgWaitForMultipleObjects
PeekMessageA
EndDialog
GetDlgItemTextA

advapi32

RegSetValueExA
CryptReleaseContext
RegCreateKeyExA
CryptDestroyHash
RegQueryValueExA
CryptAcquireContextW
CryptGetHashParam
CryptHashData
RegEnumKeyExA
GetUserNameW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE