87d8678986c9e70d8c6c8e966f27f5a3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87d8678986c9e70d8c6c8e966f27f5a3_JaffaCakes118
Size

966KB
MD5

87d8678986c9e70d8c6c8e966f27f5a3
SHA1

f0d6227098b77b68ba8f06b176f0084c65bea1eb
SHA256

99a770eb7e44e002b37dd22c01189172c5d262ac348eca75de2303e0ec82c1cf
SHA512

8bdbcce909b3f2d44c3167294aa4ca681e93da5552b056f11c265ff2ed20e8e29e52ed4a0129578093eda30df65424606ebf2d10c0aecfcd9fcfa30d6c0089b2
SSDEEP

24576:9wHVTtEVE8SSEfF4DJRUu3nvkPmKWXSxCcjBA0+c:ARCfJGQkm8b+Bc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87d8678986c9e70d8c6c8e966f27f5a3_JaffaCakes118

Files

87d8678986c9e70d8c6c8e966f27f5a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f0ef8dc0762277a6d6cb58a69e627644

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEvent
GetSystemTime
GetModuleHandleA
VirtualAlloc
GetFileAttributesA
GetModuleFileNameA
CreateProcessW
CopyFileW
lstrlenA
WideCharToMultiByte
LeaveCriticalSection
GetLocalTime
VirtualProtect
ReleaseMutex
ExpandEnvironmentStringsW
GetFileSizeEx
GetUserDefaultUILanguage

user32

CloseDesktop
SetProcessWindowStation
GetDlgItemTextA
GetWindowLongA
GetWindowTextA
GetClassNameA
MsgWaitForMultipleObjects
OpenWindowStationA
DrawIcon
CharLowerBuffA
FindWindowExA
CloseWindowStation
DispatchMessageA
GetMessageA
SetThreadDesktop
ExitWindowsEx

advapi32

CryptAcquireContextW
DuplicateTokenEx
RegEnumKeyExA
CryptCreateHash
CryptReleaseContext
CryptDestroyHash
RegCreateKeyExA
RegCloseKey
CryptHashData
RegDeleteValueA
GetUserNameW
CryptGetHashParam

shlwapi

wnsprintfW
StrStrW
PathCombineW
PathMatchSpecW
StrCmpNIW
PathRemoveFileSpecW
wvnsprintfA
PathFileExistsW
wvnsprintfW
SHDeleteKeyA
wnsprintfA

Sections

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE