849cbc5a858925994cd7d53b800eb7d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

849cbc5a858925994cd7d53b800eb7d9_JaffaCakes118
Size

499KB
MD5

849cbc5a858925994cd7d53b800eb7d9
SHA1

c410cc50ab3b3ff0a40c51692f7508b9c7f4241b
SHA256

410bf44c13e26cdfe02e3ee0726efa61bcf709924be72413a5f984dbd8fd4275
SHA512

5ff57f90b2986d2438fd02a56b23a4b854ba86a2e61d5ac6709f49e90ec27afd4883fea4e9d2248a2a7bd21a28cd3217dee69a901d161e89c120f6483a5c4ec5
SSDEEP

12288:85oLbyNnUxnwWB7rEbRooUFHI8eaWjwDL4I6tlpbLmu:QCyNnDWJrE9o9F/q4W16u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
849cbc5a858925994cd7d53b800eb7d9_JaffaCakes118

Files

849cbc5a858925994cd7d53b800eb7d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6baa2780066024f6f7fefdc7d623bbae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageA
GetClassNameA
FindWindowExA
ToUnicode
CloseWindowStation
GetKeyState
GetWindowLongA
GetMessageA
LoadCursorA
OpenWindowStationA
GetWindowTextA
GetForegroundWindow
PeekMessageA
GetCursorPos
SetThreadDesktop
CharLowerBuffA
EndDialog

advapi32

CryptHashData
DuplicateTokenEx
CryptGetHashParam
RegEnumKeyExA
CryptAcquireContextW
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
CryptCreateHash
GetUserNameW
CryptReleaseContext
RegCloseKey

kernel32

HeapAlloc
EnterCriticalSection
VirtualAlloc
CreateEventW
MulDiv
GetFileAttributesA
LeaveCriticalSection
InitializeCriticalSection
SetEvent
GetTimeZoneInformation
VirtualProtect
lstrlenA
FindFirstFileW
GetModuleFileNameA
CreateThread
GetModuleFileNameW
CreateFileA
WideCharToMultiByte
HeapFree

shlwapi

StrStrW
PathRemoveFileSpecW
wvnsprintfA
StrCmpNIA
PathFileExistsW
PathFindFileNameW
PathMatchSpecW
StrCmpNIW
SHDeleteKeyA
wnsprintfW
wvnsprintfW
wnsprintfA

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE