d0e4c6ae4f57a8d6c054708f19fdbbfa_JaffaCakes118 | Triage

Sharing

General

Target

d0e4c6ae4f57a8d6c054708f19fdbbfa_JaffaCakes118
Size

186KB
MD5

d0e4c6ae4f57a8d6c054708f19fdbbfa
SHA1

c660e2a461c7ec03a9045d0278274b989214fff1
SHA256

80c758780ae78913a6f465fa256f1190372c70319fd819f891dc9e992893ad6e
SHA512

50585aee405d0a4add16134f26cbc141d9f1893c9192970aada6d988a8d62541814db090e4adc55e41aacc0f0933ced73df94c4a52561abbd6f702bb4033e89f
SSDEEP

3072:4CT0KADLCIkiTAcDRnDnNOZcLymcYf4PaJo2N1/qYiO9PS4eUjcO8xQY+udw5oTY:PTq6diTAwnDnnLkYgSDNtPiO9PvXvSwn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0e4c6ae4f57a8d6c054708f19fdbbfa_JaffaCakes118

Files

d0e4c6ae4f57a8d6c054708f19fdbbfa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5bdf146fd2a445bf8f88fb6156a888ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowExA
GetCursorPos
DrawIcon
GetClipboardData
SendMessageA
GetClassNameA
OpenWindowStationA
DispatchMessageA
ExitWindowsEx
GetMessageA
CloseDesktop
ToUnicode
GetDlgItemTextA
CharLowerBuffA

kernel32

GetFileAttributesW
VirtualProtect
FindNextFileW
lstrcatA
lstrlenA
SystemTimeToFileTime
GetFileTime
SetFilePointer
lstrcatW
LeaveCriticalSection
lstrcpynW
GetVersionExW
CreateMutexW
CreateFileA
GetModuleFileNameA
CreateThread
VirtualAlloc
GetFileSize
WaitForSingleObject
GetSystemTimeAsFileTime
GetLocalTime
lstrlenW
GlobalUnlock
GetLastError
Sleep
ReleaseMutex

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
StrStrW
wvnsprintfA
StrCmpNIA
wnsprintfW
PathFileExistsW
PathCombineW
StrCmpNIW
wnsprintfA

advapi32

CryptHashData
CryptAcquireContextW
DuplicateTokenEx
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
CryptGetHashParam
CryptDestroyHash

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE