b23dbe6110156c7a51cfbfc84ddb529a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b23dbe6110156c7a51cfbfc84ddb529a_JaffaCakes118
Size

734KB
MD5

b23dbe6110156c7a51cfbfc84ddb529a
SHA1

8857c21e75f4aec3c048b0053c3c88dddb21d70d
SHA256

6f2db9ab88c6c1e69bb50871445215f3dc055209ef509cb609fa37f74dc17a21
SHA512

17550ebf06b651f422afd3f487ce198ea26c950b35f6124437fd352e03093e8461ceb7fec8c8a41210980837d51d3a1465e018f1a0118503281c7ecbe8a54585
SSDEEP

12288:W2M1Ss/iwgmEHFlTC5+kcyUW9SKQJh7d8pm7Q8SXJJ8WmC942ixLaR:W2S6wgmeDkdhSKppIQFJS694vxWR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b23dbe6110156c7a51cfbfc84ddb529a_JaffaCakes118

Files

b23dbe6110156c7a51cfbfc84ddb529a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

faa9c368aa163e3f336b4675b7387769

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash
RegCloseKey
RegEnumKeyExA
CryptCreateHash
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA

shlwapi

PathRemoveFileSpecW
PathCombineW
StrCmpNIA
SHDeleteKeyA
wnsprintfA
StrStrW
PathFileExistsW
wvnsprintfW
PathMatchSpecW
wvnsprintfA
StrCmpNIW

user32

GetIconInfo
GetDlgItemTextA
FindWindowExA
GetClipboardData
GetKeyboardState
GetWindowThreadProcessId
DispatchMessageA
GetMessageA
GetWindowLongA
SetThreadDesktop
DrawIcon
OpenWindowStationA
CloseDesktop

kernel32

lstrcatA
VirtualProtect
GetFileAttributesA
VirtualAlloc
SystemTimeToFileTime
lstrlenW
WaitForSingleObject
CreateProcessW
WideCharToMultiByte
OpenMutexW
lstrcpyA
FindFirstFileW
MultiByteToWideChar
GetFileAttributesW
HeapReAlloc
ExpandEnvironmentStringsW
LeaveCriticalSection
lstrcpynW
CloseHandle
GetLastError
GetCommandLineA
GlobalLock
FindClose

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE