b8ef36f4ddb009b79b159bfd2398b9cc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b8ef36f4ddb009b79b159bfd2398b9cc_JaffaCakes118
Size

61KB
MD5

b8ef36f4ddb009b79b159bfd2398b9cc
SHA1

5d8027d4addbeea62408efccae0593ce3063bb04
SHA256

c264ed484b89fa3c5f11e5f0d03661db154c2b524357af6b97ec97229dd3724a
SHA512

2a2c3cfdcf7d0de7faa264236f7f6f79937b447a367b12ee4548ff4424a7436f0e8328be82346f30cff5f29a88309f6fd8d7acdd185f4d5b3f24aa2e480ece4b
SSDEEP

1536:ngfk1sJxh1P7jgdeV7zQ9C7st3LbJGWq/JdyrlZHh0:ng81sJhDjw7FLl4hdojB0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8ef36f4ddb009b79b159bfd2398b9cc_JaffaCakes118

Files

b8ef36f4ddb009b79b159bfd2398b9cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b53cf2d91647fabeabb72949ea151952

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecW
PathMatchSpecW
PathFileExistsW
wvnsprintfA
wnsprintfW
wvnsprintfW
wnsprintfA
StrCmpNIW
PathCombineW
StrStrW
SHDeleteKeyA
PathFindFileNameW

user32

GetClipboardData
LoadCursorA
GetClassNameA
GetDlgItemTextA
ExitWindowsEx
GetDlgItem
SendMessageA
GetForegroundWindow
SetThreadDesktop
EndDialog
GetCursorPos
CharLowerBuffA
GetWindowLongA
GetWindowTextA

kernel32

FindResourceW
lstrcmpiW
GetFileAttributesW
ReleaseMutex
VirtualAlloc
lstrlenW
LeaveCriticalSection
lstrcmpiA
VirtualProtect
GetModuleHandleA
GetModuleFileNameA
lstrcpyW
HeapAlloc
GetFileSize
OpenMutexW
GetTickCount
GlobalUnlock
GlobalLock
HeapFree
GetLastError
GetLocalTime
InitializeCriticalSection
ExpandEnvironmentStringsW
FindClose

advapi32

RegEnumKeyExA
RegQueryValueExA
GetUserNameW
CryptAcquireContextW
CryptHashData
CryptCreateHash
RegCloseKey
RegDeleteValueA
RegSetValueExA

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE