81f6f02e63e22dcc9402ddf0f4d9acc8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81f6f02e63e22dcc9402ddf0f4d9acc8_JaffaCakes118
Size

221KB
MD5

81f6f02e63e22dcc9402ddf0f4d9acc8
SHA1

2225e88791a4dd5938d59e67689f2c9aac37fee3
SHA256

9147b9005b3c04e6c5738dd060c535192102bfd012633db9aeefa3c8592d9878
SHA512

0b308b36d52c3d0edcba2a16a4cb5849db0f6cad221f260b029c5e8cccf42530b8ea0cedd9f8b8c62ee4ae197d40672ecd2225a6b7bb749c02515877a68a37ee
SSDEEP

3072:6naZGwXeFaIWA6tLHJu03nxbLYIMOHh1IycWAubVjlB/W3MhM3V1aJlXfNppRFm1:6WGFTb4ukCOBRhTbPB/Wcy3mlXf1KIfG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81f6f02e63e22dcc9402ddf0f4d9acc8_JaffaCakes118

Files

81f6f02e63e22dcc9402ddf0f4d9acc8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a825886b6cdb18097291b0dc033985da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindAtomA
GetCurrentThreadId
lstrcatA
WaitForSingleObject
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
lstrcmpA
GetLastError
GetTempPathA
ExitProcess
lstrcpyA
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQueryEx
GetModuleHandleA
GetThreadContext
CreateProcessA
GlobalFree
TerminateProcess
ResumeThread
VirtualFree
lstrlenA
VirtualAlloc
OpenProcess

user32

GetFocus
SetThreadDesktop
GetThreadDesktop
wsprintfA
EqualRect
ClientToScreen
FindWindowA
GetWindowThreadProcessId
InflateRect
OpenInputDesktop
IsWindowVisible
CloseDesktop
GetCursorPos

shell32

ShellExecuteA

shlwapi

SHGetValueA

advapi32

CreateProcessAsUserA
OpenProcessToken

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE