cf65eb12ff9e5cbccd08f386b1382fb3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf65eb12ff9e5cbccd08f386b1382fb3_JaffaCakes118
Size

58KB
MD5

cf65eb12ff9e5cbccd08f386b1382fb3
SHA1

6356b8214790459ed76fbb711897d1f36328b62a
SHA256

ea3bdf5ab8bcfca146f13561826f596929c74d7cfe8ff1b1631daf2ee2f91186
SHA512

35a134affcb551fc9454c5914f5b3884b9f62e1572a16cbb7570fc095de7897d44b3a58e53231973f25ddf932ec68f13e1637887b0268f3f0a6e4d80e2277b52
SSDEEP

1536:oYS2uOLhMEUMIX9a05I960Rcoq2AP5yEU:hxhMEUMIXmDRcCARyEU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf65eb12ff9e5cbccd08f386b1382fb3_JaffaCakes118

Files

cf65eb12ff9e5cbccd08f386b1382fb3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

085bfd4ede2b40d8f191e00f7a87c244

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DrawIcon
GetKeyboardState
LoadCursorA
GetKeyState
GetIconInfo
CharLowerBuffA
GetClassNameA
OpenDesktopA
DispatchMessageA
SetProcessWindowStation
GetMessageA
GetDlgItem

shlwapi

wvnsprintfW
PathFileExistsW
PathFindFileNameW
StrStrW
PathRemoveFileSpecW
PathMatchSpecW
PathCombineW
SHDeleteKeyA
wvnsprintfA
wnsprintfW

kernel32

GetFileAttributesW
GetSystemTime
CreateEventW
GetLocalTime
VirtualProtect
GetFileSize
OpenMutexW
GetModuleHandleA
GetUserDefaultUILanguage
VirtualAlloc
CreateFileA
lstrcpyW
GetModuleFileNameW
CreateThread
lstrlenW
FindClose
WideCharToMultiByte
GetModuleFileNameA
GetCommandLineA
Sleep
HeapFree
GetVersionExW

advapi32

RegCloseKey
RegDeleteValueA
CryptHashData
CryptDestroyHash
CryptReleaseContext
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
CryptGetHashParam

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE