b3060a79a0e708d2b895806aac91cf12_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b3060a79a0e708d2b895806aac91cf12_JaffaCakes118
Size

493KB
MD5

b3060a79a0e708d2b895806aac91cf12
SHA1

cc0fbe9715756b954a2d2cb30453198ab2655364
SHA256

c29cf003c393dea68899ae0754c0da32e4b02f18642e33fb1cbcc5bc27c2fdcd
SHA512

ed1d8e05bc0ad2b91d42b134df4a3487c688cb17ec56a5e46adc502ca29fa372cedb5ce3fe4125e2abdc0060caf1c249b351927d067f14cb2a4a9067e7f2427f
SSDEEP

6144:PfvWLs8epdkXL2mSwo9sZwt3mgIi2Dt8imSHRRyS6XUcHa+1Xmr+ziaSiowNcdZT:PjpdWCmSn9c6BzUkXtHaWXmjaSmkT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3060a79a0e708d2b895806aac91cf12_JaffaCakes118

Files

b3060a79a0e708d2b895806aac91cf12_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ea49f8f87fb6642d3abb77c01e1e0050

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameW
wvnsprintfA
PathRemoveFileSpecW
PathMatchSpecW
StrCmpNIA
wvnsprintfW
StrStrW
StrCmpNIW
SHDeleteKeyA
wnsprintfA
wnsprintfW
PathCombineW
PathFileExistsW

advapi32

CryptAcquireContextW
CryptHashData
RegCloseKey
GetUserNameW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
RegEnumKeyExA
RegQueryValueExA
DuplicateTokenEx
RegSetValueExA
RegDeleteValueA

user32

GetWindowThreadProcessId
OpenDesktopA
GetCursorPos
GetClipboardData
EndDialog
SendMessageA
PeekMessageA
MsgWaitForMultipleObjects
DrawIcon
ExitWindowsEx
GetDlgItemTextA
GetClassNameA
GetDlgItem
SetThreadDesktop
DispatchMessageA

kernel32

GetFileAttributesW
VirtualProtect
GetVersionExW
lstrlenA
GetTickCount
SetFilePointer
EnterCriticalSection
GetLocalTime
lstrcpynW
VirtualAlloc
GlobalLock
InitializeCriticalSection
CreateProcessW
ReleaseMutex
lstrcpyA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE