d4473b71829c181bec18bc49c2f5b919_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4473b71829c181bec18bc49c2f5b919_JaffaCakes118
Size

216KB
MD5

d4473b71829c181bec18bc49c2f5b919
SHA1

7c02c79d14285ebdd0a8e5e110537e2a415dd07a
SHA256

91a583ad90bf1a167e3242708bbd039e7c1c09f46cc38d31f68e1c62a5e7fb9a
SHA512

9d48d87c059915a1ba1234176ae610b3473d67290fa9466b5756bb11c1b4ebf104843266984362254c432713a8f99dc57365959b06b700ab98e3f8f5f6b32031
SSDEEP

6144:PTq6diTAwnDnynGcxVPYma9oKb2VyzjST+h:muE1zynGQhYTV4I3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4473b71829c181bec18bc49c2f5b919_JaffaCakes118

Files

d4473b71829c181bec18bc49c2f5b919_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5bdf146fd2a445bf8f88fb6156a888ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

FindWindowExA
GetCursorPos
DrawIcon
GetClipboardData
SendMessageA
GetClassNameA
OpenWindowStationA
DispatchMessageA
ExitWindowsEx
GetMessageA
CloseDesktop
ToUnicode
GetDlgItemTextA
CharLowerBuffA

kernel32

GetFileAttributesW
VirtualProtect
FindNextFileW
lstrcatA
lstrlenA
SystemTimeToFileTime
GetFileTime
SetFilePointer
lstrcatW
LeaveCriticalSection
lstrcpynW
GetVersionExW
CreateMutexW
CreateFileA
GetModuleFileNameA
CreateThread
VirtualAlloc
GetFileSize
WaitForSingleObject
GetSystemTimeAsFileTime
GetLocalTime
lstrlenW
GlobalUnlock
GetLastError
Sleep
ReleaseMutex

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
StrStrW
wvnsprintfA
StrCmpNIA
wnsprintfW
PathFileExistsW
PathCombineW
StrCmpNIW
wnsprintfA

advapi32

CryptHashData
CryptAcquireContextW
DuplicateTokenEx
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
CryptGetHashParam
CryptDestroyHash

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE