8879058806c53764803d357c180e242e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8879058806c53764803d357c180e242e_JaffaCakes118
Size

61KB
MD5

8879058806c53764803d357c180e242e
SHA1

ab0ca21e8407b91ee57ab54cadc4744c4fab2714
SHA256

95ae46f353b549112cce8aa07bdaaa3fcf0af9016d9a7b291935c8af3d77c89c
SHA512

f3e5fe09a179294642d33e258a147be5714079a1aa55097b9fc4079b6c8bd53df7ed08ab66e6fa84928a15c279a460311eb5c3329beca7e3d88fc94fe93f8905
SSDEEP

1536:8pklZQa+Wzis4LTp2qNz+qMemx4HReJ48J3:8pQZQa+AiF2qNz+qEGxeB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8879058806c53764803d357c180e242e_JaffaCakes118

Files

8879058806c53764803d357c180e242e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dbff9e0edf31c4ea7d1b45aed3cb9119

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetIconInfo
GetWindowTextA
GetWindowLongA
GetDlgItemTextA
GetWindowThreadProcessId
GetForegroundWindow
DispatchMessageA
GetClassNameA
EndDialog
SetThreadDesktop
ExitWindowsEx
OpenDesktopA

kernel32

GetFileAttributesW
Sleep
GetSystemTimeAsFileTime
CreateThread
ResetEvent
CreateMutexW
lstrcpyA
FindNextFileW
VirtualProtect
GetModuleFileNameW
CreateProcessW
SetFilePointer
GetFileSizeEx
GetModuleFileNameA
GetSystemTime
GlobalLock
SetFileTime
VirtualAlloc
FindResourceW
HeapReAlloc
FindFirstFileW

shlwapi

PathRemoveFileSpecW
PathCombineW
wvnsprintfA
wnsprintfW
PathFindFileNameW
wnsprintfA
PathMatchSpecW
StrCmpNIW
wvnsprintfW

advapi32

CryptDestroyHash
DuplicateTokenEx
RegQueryValueExA
CryptCreateHash
RegEnumKeyExA
CryptGetHashParam
CryptAcquireContextW
CryptHashData
RegDeleteValueA
CryptReleaseContext
RegCreateKeyExA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE