abe80ebb0ae505c258ab53855417278a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abe80ebb0ae505c258ab53855417278a_JaffaCakes118
Size

62KB
MD5

abe80ebb0ae505c258ab53855417278a
SHA1

b48d73225e70f78e204309a7622bb6b54257b3c6
SHA256

a0246a5bfa30ceb36fd7e345391bb67f82af3809df407ebd96d2bfc1f4ab1e96
SHA512

f1f96813e9ed8226d490e138bcf53840b8adf42f7773d90bc6310e8ba676b5c77b9ab0f16f0b28e7e191aefc4c176d50a99e8cda06d2175a51c938584ce83df8
SSDEEP

1536:OcX6RsuqOLQk8b6Gnz8GFFRLhSrJkSJO59PldU2m:OLCb6sLRLhSr6Sc/vU2m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abe80ebb0ae505c258ab53855417278a_JaffaCakes118

Files

abe80ebb0ae505c258ab53855417278a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7d53e9551aecbaf92e9d8a8ebaede491

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
SHDeleteKeyA
PathCombineW
PathFileExistsW
StrCmpNIA
PathMatchSpecW
wnsprintfA
wnsprintfW

advapi32

CryptAcquireContextW
CryptDestroyHash
RegSetValueExA
RegCloseKey
CryptCreateHash
RegEnumKeyExA
DuplicateTokenEx
RegDeleteValueA
CryptReleaseContext
CryptHashData
RegCreateKeyExA

kernel32

WideCharToMultiByte
InitializeCriticalSection
GetCurrentThreadId
VirtualProtect
CreateEventW
GetFileAttributesW
GetFileSizeEx
GetAtomNameW
EnterCriticalSection
FindNextFileW
GetModuleHandleA
VirtualAlloc
GetSystemTimeAsFileTime
ResetEvent
CreateThread
HeapFree
GetEnvironmentVariableW
CloseHandle
SetFileTime
CreateFileA
OpenMutexW

user32

GetClassNameA
GetIconInfo
EndDialog
FindWindowExA
CloseDesktop
GetMessageA
GetClipboardData
GetCursorPos
CharLowerBuffA
GetDlgItemTextA
PeekMessageA
ToUnicode
GetWindowLongA
ExitWindowsEx

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE