bf12b62ee109c522fe7bd8fec60365fe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bf12b62ee109c522fe7bd8fec60365fe_JaffaCakes118
Size

211KB
MD5

bf12b62ee109c522fe7bd8fec60365fe
SHA1

4c490544431df878eab94ab3ad2459a8f982903a
SHA256

2f1589c1876af4c678f26ee27b456f7c13b780ca04a96f81ffa732e747e2589a
SHA512

40bc98991fe88465ea76064ac872a1a6ad03398ffb283d972b7483bc1ce7516194f801e77b57de7d06b5e34f84cd4122d1d0c716bedf07be76aeffc6e7da3f59
SSDEEP

3072:52YWLMnCcePpRALyIDyz2NzrsTW3DYSEexONVr5OLrCn3bsZ9bifVIM1HvGZUGJQ:reaLyI82NzQTWTYIOIXHifqavg2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf12b62ee109c522fe7bd8fec60365fe_JaffaCakes118

Files

bf12b62ee109c522fe7bd8fec60365fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b2b95623a42e3d1c3a7487f630cceabd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GetLastError
lstrlenA
lstrcatA
WaitForSingleObject
CloseHandle
WriteFile
CreateFileA
GetTempFileNameA
lstrcmpA
GetTempPathA
ExitProcess
GetCurrentThreadId
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
VirtualQueryEx
GetModuleHandleA
GetThreadContext
CreateProcessA
GlobalFree
TerminateProcess
ResumeThread
VirtualFree
FindAtomA
VirtualAlloc
OpenProcess

user32

GetThreadDesktop
OpenInputDesktop
IsWindowVisible
EqualRect
InflateRect
ClientToScreen
SetThreadDesktop
GetFocus
FindWindowA
GetCursorPos
GetWindowThreadProcessId
CloseDesktop
wsprintfA

shell32

ShellExecuteA

shlwapi

SHGetValueA

advapi32

CreateProcessAsUserA
OpenProcessToken

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE