8c776ff30a71418209c9523c65ffea08_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c776ff30a71418209c9523c65ffea08_JaffaCakes118
Size

67KB
MD5

8c776ff30a71418209c9523c65ffea08
SHA1

81fb18c04c429881e9d9caa1c94cf0e9bb2b1e58
SHA256

82b1102d957b9c3ce3475a9076e2c7d6cce5802a280a299285f6d6c7a2c9844e
SHA512

8e59796a3a04f7b7bfe43ff0889b54407f2d57d73284673b41ef1e1f6a6c3f8ad871a0309cd835a2c73798e146e7faeff030eaf627484f66a70e998cdc326ac3
SSDEEP

1536:Z3rLOrxwYYl5V8SxHh0SERxsr2CWdj7z9ebxUVvPX:Z3W9wYYaSjsxsIZVIa9f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c776ff30a71418209c9523c65ffea08_JaffaCakes118

Files

8c776ff30a71418209c9523c65ffea08_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f9df3b9fe9ccd60a594e444ab3cf9f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetVersionExW
GetCommandLineA
VirtualProtect
VirtualAlloc
GetFileAttributesA
lstrcmpiW
lstrlenW
CreateMutexW
GetFileSize
ExpandEnvironmentStringsW
lstrlenA
CreateThread
lstrcpyW
GetTimeZoneInformation
FindFirstFileW
HeapReAlloc
FindNextFileW
CreateFileA

shlwapi

PathCombineW
wvnsprintfW
SHDeleteKeyA
PathFindFileNameW
PathRemoveFileSpecW
wnsprintfA
PathFileExistsW
StrCmpNIW
StrStrW

user32

GetKeyState
SendMessageA
MsgWaitForMultipleObjects
PeekMessageA
GetIconInfo
EndDialog
DrawIcon
CloseWindowStation
SetThreadDesktop
GetDlgItemTextA
LoadCursorA
ToUnicode
DispatchMessageA
GetWindowLongA
SetProcessWindowStation
FindWindowExA
GetDlgItem
GetWindowThreadProcessId
GetClassNameA
GetMessageA
CharLowerBuffA

advapi32

RegEnumKeyExA
RegCreateKeyExA
DuplicateTokenEx
CryptAcquireContextW
RegSetValueExA
CryptDestroyHash
CryptReleaseContext
RegQueryValueExA
GetUserNameW
RegDeleteValueA

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE