81c4385eb959b53da84e3740c4095048_JaffaCakes118 | Triage

Sharing

General

Target

81c4385eb959b53da84e3740c4095048_JaffaCakes118
Size

61KB
MD5

81c4385eb959b53da84e3740c4095048
SHA1

6307f1d13000a4c6f74c838bd253586f95b6e32d
SHA256

0e0a6d27fbe14ccd69e2c41a3c2dd9c312181fd7d7aca2117c9ce462e69390ac
SHA512

788be484c965f1f0cebab4889978b83c616f4121abf784e5820b0e7961851f894d70b94ec19e03bb5f0fe53e6120eecbb979f72e30fed681c4ae4b7cd51422c3
SSDEEP

1536:MBOjity3/7iFw2PnYD57y2+rrQotEZl/n5JuW:4g1/7iFwKn8N+4xhJB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81c4385eb959b53da84e3740c4095048_JaffaCakes118

Files

81c4385eb959b53da84e3740c4095048_JaffaCakes118
.exe windows:4 windows x86 arch:x86

44d5b07d462901b6b5cab30382247900

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNIW
PathCombineW
wvnsprintfA
PathFindFileNameW
StrStrW
PathFileExistsW
StrCmpNIA
wnsprintfW
PathMatchSpecW
PathRemoveFileSpecW

user32

MsgWaitForMultipleObjects
GetDlgItemTextA
GetCursorPos
CloseWindowStation
SendMessageA
GetWindowThreadProcessId
ToUnicode
SetThreadDesktop
GetDlgItem
OpenDesktopA
EndDialog
PeekMessageA
GetWindowTextA
FindWindowExA
ExitWindowsEx
CharLowerBuffA
OpenWindowStationA

kernel32

OpenMutexW
GetSystemTime
lstrcpynW
GetModuleHandleA
VirtualAlloc
lstrcatW
GetUserDefaultUILanguage
WideCharToMultiByte
CreateMutexW
HeapFree
GlobalLock
GetCurrentThreadId
VirtualProtect
lstrcatA
FindClose
GlobalUnlock
CreateThread
TryEnterCriticalSection
GetFileAttributesA

advapi32

CryptAcquireContextW
RegEnumKeyExA
CryptGetHashParam
RegDeleteValueA
CryptDestroyHash
RegCreateKeyExA
CryptCreateHash
RegSetValueExA

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE