bdc02cdf436073e25398aee69032486a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bdc02cdf436073e25398aee69032486a_JaffaCakes118
Size

61KB
MD5

bdc02cdf436073e25398aee69032486a
SHA1

3a51c644077c50819a33be32c234bd29ebddca95
SHA256

cab469f22a57370d2e9527ee572bca823c4e101b4013ec6851aa6fc5936f26e1
SHA512

affe8f73a672243ed476c9ef129a796a27d2004c273ba56051d37c5b45befe0852bc5170ed4127ba9c44fa7ed3211acef74952a1780db4cc6379e8a8ec0215c5
SSDEEP

1536:ciG5g9FFAMTIrdEHt2BHFLmk2Wg7ny+/zqDKnY2po:jGKp9TchFbIy+LSKnYn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bdc02cdf436073e25398aee69032486a_JaffaCakes118

Files

bdc02cdf436073e25398aee69032486a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4913a6a7e6e82a2f74993152ae1e8c1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
WaitForSingleObject
VirtualProtect
VirtualAlloc
GetTimeZoneInformation
GetFileAttributesW
LeaveCriticalSection
SetEvent
lstrcmpiW
CreateEventW
SetFileTime
GetLastError
OpenMutexW
EnterCriticalSection
CloseHandle
HeapReAlloc
GetFileSize
CreateFileA
GetFileTime
lstrcpyA
lstrlenA
FindClose

user32

EndDialog
GetClassNameA
GetMessageA
GetCursorPos
GetWindowTextA
CloseWindowStation
LoadCursorA
DispatchMessageA
GetWindowThreadProcessId
GetKeyState
MsgWaitForMultipleObjects
ToUnicode
SetThreadDesktop
GetKeyboardState
ExitWindowsEx
CloseDesktop
GetForegroundWindow
GetClipboardData
CharLowerBuffA
GetIconInfo
DrawIcon

advapi32

DuplicateTokenEx
CryptAcquireContextW
RegEnumKeyExA
RegCloseKey
CryptGetHashParam
RegCreateKeyExA
GetUserNameW
CryptCreateHash
CryptReleaseContext
CryptDestroyHash

shlwapi

PathMatchSpecW
StrCmpNIA
StrCmpNIW
wnsprintfW
PathFileExistsW
SHDeleteKeyA
PathCombineW
PathFindFileNameW
wnsprintfA
wvnsprintfW

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE