b43df73107122ac7845f985e833cf280_JaffaCakes118

General

Target

b43df73107122ac7845f985e833cf280_JaffaCakes118
Size

59KB
MD5

b43df73107122ac7845f985e833cf280
SHA1

64e6898d8428cbdb62a7ed3dc3a9e5e8348cf520
SHA256

c598b18ffa4ff2aaeed6af17dc3300dcf68fd0b90ad58c560ad4e1b83bea06cc
SHA512

27e6042e36b58572f6a87fd93a40dfcf5c2c02d004cb33bd68d09be61642a967dd967cba9917018ba5d15297ab354ee0b1da32e95d99cf13e995b419f38a951f
SSDEEP

768:whjZAI9k3/xPIIM6/pTrrPzWUTBwABptcV32G/TFBFL73y4TYzNQsUoaUIQNFsS6:a8ZQsPLJTB5pKt2y71y4TYz6seqs/B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b43df73107122ac7845f985e833cf280_JaffaCakes118

Files

b43df73107122ac7845f985e833cf280_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb8e3b05f28e89ddb52df7f4a1e0f3f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCmpNIA
PathMatchSpecW
wnsprintfA
StrStrW
wnsprintfW
PathRemoveFileSpecW
SHDeleteKeyA
PathFindFileNameW

kernel32

WideCharToMultiByte
OpenMutexW
GetSystemTimeAsFileTime
LeaveCriticalSection
GetModuleHandleA
VirtualAlloc
GlobalLock
HeapAlloc
SetEvent
VirtualProtect
FindResourceW
CreateFileA
GetModuleFileNameA
FindClose
GetFileTime
GetAtomNameW
Sleep
CreateMutexW
GetUserDefaultUILanguage
GetTimeZoneInformation
lstrcpyA
ReleaseMutex

user32

LoadCursorA
CloseWindowStation
CloseDesktop
ExitWindowsEx
SetThreadDesktop
GetWindowThreadProcessId
FindWindowExA
SendMessageA
GetIconInfo
MsgWaitForMultipleObjects
OpenWindowStationA
GetForegroundWindow
SetProcessWindowStation
DrawIcon

advapi32

CryptHashData
CryptReleaseContext
RegCreateKeyExA
CryptDestroyHash
RegEnumKeyExA
CryptGetHashParam
RegQueryValueExA
RegDeleteValueA
DuplicateTokenEx
RegCloseKey

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 203B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb8e3b05f28e89ddb52df7f4a1e0f3f4

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

advapi32

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 512B - Virtual size: 203B

.data Size: 512B - Virtual size: 24KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 512B - Virtual size: 203B

.data
Size: 512B - Virtual size: 24KB